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Abstract 


A Geometric Approach to Failure Detection 
and Identification in Linear Systems 
by 

Mohammad-.AJi Massoumnia 

Submitted to the Department of Aeronautics and Astronautics on 
February 20, 1986 in partial fulfillment of the requirements for 
the degree of Doctor of Science in Aeronautics and .Astronautics 

In this work, using concepts of ( (7,A)-invariant and unobservability 
(complementary observability) subspaces, a geometric formulation of the failure 
detection and identification filter problem is stated. Using these geometric 
concepts, we shall show when it is possible to design a causal linear time-invariant 
processor that can be used to detect and uniquely identify a component failure in a 
linear time-invariant system, assuming: i) The components can fail simirltaneously, 
ii) The components can fail only one at a time 

In addition, a geometric formulation of Beard’s failure detection filter problem 
is stated. This new formulation completely clarifies the concepts of output 
separability and mutual detectability introduced by Beard and also exploits the 
dual relationship between a restricted version of the failure detection and 
identification problem and the control decoupling problem. 

Moreover, the frequency domain interpretation of the results is used to relate 
the concepts of failure sensitive observers with the generalized parity relations 
introduced by Chow. This interpretation unifies the various failure detection and 
identification concepts and design procedures. 
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Chapter 1 
Introduction 

In many applications high reliability control systems are necessary. For 
example, in some space missions, a system with hundreds of components is required 
to operate for a period of several years. Such systems must naturally employ 
highly sophisticated fault tolerant control systems (FTCS) with redundant capacity 
to perform a given task. The need for very high reliability has led to extensive 
research into design of systems which can do their job using more than one 
configuration of their components. 

Currently there are two different approaches to the design of reliable systems. 
In the first approach, the objective is to reduce the dependence of the system on 
the operation of individual components and develop systems that remain 
operational even in the presence of a failure without any corrective action being 
undertaken. A few examples of this passive approach to FTCS are qviadriplexed fly 
by wire digital flight control systems and the mid-value select algorithm. The state 
feedback controllers that are designed based on a Lyapunov equation (instead of 
Ricatti equation) for which the closed-loop system remains stable even in the 
presence of actuator failures (assuming the open-loop system is stable) [19], is 
another example of such passive FTCS design methodology. 

Instead of triplicating the expensive hardware components or sacrificing the 
performance of the system under nominal operating conditions in order to gain 
fault tolerant capability, one can first detect and identify the failed component 
using additional information processing and next reconfigure the system to 


accommodate the failure. A block diagram of this active approach to the design of 
FTCS is shown in Fig. 1-1. 



Figure 1-1: Block Diagram of an FTCS 

Clearly, the failure detection and identification task can not be performed 
perfectly, and there is a possibility of false identification. In addition, even if the 
failed component is correctly identified, in some cases it is not at all obvious how to 
reconfigure the system to accommodate the failure. Therefore, this approach 
requires more complex information processing capabilities and has a few of its own 
drawbacks', but with the increasing availability of low cost digital computers this 
will be the preferred approach- especially if it can result in superior performance. 
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An important part of an active FTCS is failure accommodation. In this work 

it is assumed that the corrective actions for accommodating the failures are known 

before hand. However, this might very well turn out to be a naive assumption 

since, in complex systems with many components, it is almost impossible to 

enumerate all possible failure combinations and the corrective measures for 

1 

accommodating them. The issue of reconfiguration or failure accommodation in 
closed-loop control systems is an interesting problem for future research, and in this 
work we shall not concentrate on it. 

The other integral part of an FTCS is failure detection and identification 
(FDI). An FDI process essentially consists of two stages. The first stage is residual 
generation, and the second stage involves using the residuals to make the 
appropriate decisions. In this work we shall only concentrate on residual 
generation, and the reader is referred to the extensive literature available for the 
decision making phase of FDI (see [48] and [44] for a comprehensive survey). 

1.1 Residual Generation 

A residual is by definition a function of time which is nominally zero or close 
to zero when no failure is present, but is distinguishably different from zero when a 
component of the system fails. For e.vample, the difference between the outputs of 
two identical sensors measuring the same quantity is the simplest form of a 
residual. A failure of either sensor corrupts the residual and this can be used to 
detect a failure. The process of generating the residuals from relationships among 
instantaneous outputs of sensors is usually called direct redundancy Two examples 
where direct redundancy was exploited are [14). (17). 

It is also possible to generate the residuals using temporal redundancy , which 
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is the process of exploiting the relationship among the histories of sensor outputs 

i 

and actuator inputs. This is usually done by using a hypothesised model of the 
dynamics of the system to relate sensor outputs and actuator inputs at different 
instants of time. We refer the reader to [10] for an example of using temporal 
redundancy in residual generation. To illustrate the concept, let us consider the 
following simple first order discrete system. 

i(f+l) = a x{t) + b u{t), 

y{t) = cx{t). . (1.1) 

Here y{t) is the sensor output and u(f) is the actuator input. A simple computation 
shows that if the system is functioning properly and no failure is present, then 

y{t) — a y{t-l) - cb — 0. (1.2) 

Relations like (1.2) are known in the literature as generalized parity relations 
[5, 6, 29|. Often, a parity relation by itself is used to generate a residual r[t). In 
our example, simply take 

r(<) = y(0 - a ii(<-l). (13) 

Assuming the actuator is perfect and no measurement noise is present, r(t) can be 
used to detect any sensor failure. Chow and Lou have studied the generalized 
parity relations in detail, and the interested reader is referred to [.5, 29] for a 
thorough treatment of this approach to residual generation In Chapter b, we shall 
expose the fundamental relation between the generalized parity relations and 
failure sensitive observers (FSO) which are the mam theme of this work. 

FSO are another class of processors which use temporal redundancy to 
generate the residuals. To illustrate the concept of an FSO for the case of actuator 
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failures, let us consider an observable linear time-invariant (LTI) system with two 
actuator inputs: 

x{t) = A x[t) + B u(0 -f- + B2>ri2(0> 

y(t) = Cx{t). (1.4) 

In (1.4), Bi is the first column of the control effectiveness matrix B, and similarly, 
B 2 is the second column of B. The term Bjmj(<) characterizes a failure of the first 
actuator, and 52^2(0 characterizes a failure of the second actuator. The functions 
m,(f) are assumed to be completely unknown. However, by definition, ?n,(t) = 0 
when no failure is present. Also for this example we assume that our sensors are 
perfectly reliable. 

Consider designing a full order observer with the following structure for the 
system given in (1.4). 

w{t) = [A-\-DC) w(t) — D y{t) 4- B u{t). (1.5) 

Now use the estimated value of the state to generate a pseudo measurement 
z[t) .= C w{t). If no failure is present, the difference z{t) — y{t) will die away if 
the observer is stable. However, when an actuator fails, e g., mj(t) ^ 0, the 
observer continues to predict the unfailed nominal behavior of the plant, but the 
actual output y{t) certainly contains the effect of the failure. Thus in the presence 
of a failure, the innovation r(0 — y(t) will start to grow, and by putting a threshold 
on the magnitude of the innovation we can detect the presence of a failure in the 
system. 

The more complicated problem is whether we can use the directional 
properties of the innovation to identify the failed component. Beard [3] was the 
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first to realize that through appropriate choice of the gain matrix it was possible to 
confine the innovation caused by an actuator failure to a fixed direction in the 
output space. He derived a set of sufficient conditions for the existence of a filter 
such that the innovation is constrained to lie in independent subspaces for different 
actuator failures. Shortly afterward, Jones [22] extended some of the results in 
[3] and gave a complete procedure for modeling failures and designing a failure 
detection and identification filter. Nevertheless, there are some fundamental 
difficulties associated with the approach used by Beard and Jones. In Section 4.2, 
we shall discuss some of these difficulties and shall rederive most of the results 
reported in [3, 22] using our geometric approach. However, we do not intend by 
any means to discredit the fundamental contribution of Beard and Jones to failure 
detection and identification theory. Our work builds on their ideas, but the 
mathematical tools we use are more general. 

Let us continue our example so that we can illustrate how the directional 
properties of the innovation can be used in identifying a failure Define two 
different linear transformations of the innovation, and as follows: 

r^it) := ( 1 . 6 ) 

roit) ;= Hoizit) - y{t)). (1.7) 

If we can find matrices D, and such that the failure of the first actuator 
shows up in r^(f) but has no effect on r. 2 (f), and the failure of the second actuator 
shows up in ro{t) but has no effect on r^{t), then the identification task is trivial. 
One only needs to compare the magnitudes of r-^(t) and ro(0 with some appropriate 
thresholds to decide whether either or both of the actuators has failed. 

Clearly, if the innovation growth is constrained to independent subspaces, 
then Hi and Ho can simply be taken as the projection matrices onto these 
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independent subspaces. This is basically the approach taken by Beard and Jones. 
However, a more natural approach is to find the matrices with the gain matrix 
D as part of the design process. 

To further illustrate the concept, let us define e{t) := w{t) — x{t). Using 
(1.5), (1.6), and (1.7), we have 

e{t) = {A+DC) e{t) — B-^ ^i{t] — B 2 m.)(0> (1-8) 

ri(0 = H^C e{t), r.,(0 = H.yC e{t). (1.9) 

From elementary system theory, for a nonzero not to affect r^(f), the 

image of Bo should be in the unobservable subspace of the system (HiC,A+DC). 
This restriction guarantees that the transfer function from rrioit) to r^{t) is zero. 
Also for a nonzero mi(t) to show up in r^(0, the image of Bj should not intersect 
the unobservable subspace of (H^C,A+DC). Similar arguments can be given for 
the unobservable subspace of (B.oCVA+BC'). 

By proper choice of the matrices D, and Ho we can modify the 
observability properties of the system relating the failure events to the residuals. 
Clearly, the unobservable subspace of [HiC,A+DC] is simply the subspace spanned 
by those eigenvectors of A-\-DC which are in the null space of H^C. Also, the 
column vector Bo should be a linear combination of those eigenvectors, since the 
second actuator failure should not show up m the first residual. Therefore, our 
problem is really to use the freedom in assigning the eigenvectors of A+DC (see 
[31]) to satisfy the failure detection and identification requirements. 

On the other hand, instead of looking for the matrices D, H^. and Ho, we can 
formulate the problem in terms of the existence of subspaces and So that contain 
the images of Bo and Bj respectively and that can be assigned as the unobservable 
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subspaces of [HiC,A-‘rDC] and [HoCA+DC) respectively for some H2, and D. 
If such subspaces 5^ and 5o exist and can be computed only from A, C, , and 
then we can easily find Hu Ho, and D from S^ and So, and hence solve the problem 
in an indirect manner . This is the essence of the geometric approach that we shall 
use in this work (see [50]). When this method is applicable, it converts a highly 
complicated problem in Hi, Ho, and D to a straightforward problem in Sj and So- 

A subspace like 5^ which can be assigned as the unobservable subspace of 
{HiC,A+DC) by appropriate selection of the matrices Hi and D is called an 
unobservability subspace (complementary observability subspace [47]). As should 
be clear by now, these subspaces play a central role in the FDI problem, and the 
entire subject of Chapter 2 is devoted to exploring the properties of these subspaces 
and the related concepts. 

1.2 Overview 

Now let us say a few words about the organization of this thesis. In Chapter 
2, the mathematical tools needed for solving the failure detection and identification 
problem are reviewed. The first section recalls linear algebra and system theory 
concepts. As is clear from the past section, characterizing the eigenspaces of an 
observer plays an important role in the problem of failure detection and 
identification. In Section 2.2, the concept of the (C',A)-invariant subspaces, which 
is a powerful tool for modifying the eigenspaces of an observer, is reviewed. That 
section also reviews the concept of invertibility and input observability of linear 
time-invariant systems In Section 2.3, we review the concept of unobservability 
subspaces. These objects are extensions of the (C,A)-invariant subspaces, and they 
play a central role in the solution of failure detection and identification problems. 
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In Section 2.4, we introduce the concept of compatibility of a family of 
(C,A)-invariant subspaces, which is used later on to reduce the order of the failure 
detection and identification filter. Also, we extend the definition of output 
separability given by Beard [3] and relate this concept to the compatibility of a 
family of (C,A)-invariant subspaces. 

In Chapter 3, we show how different component failures like actuator failures, 
sensor failures, or changes in the characteristics of the plant can be modeled. We 
continue with definition of the failure detection and identification filter problem 
(FDIFP) in its most general form. In Section 3.2, the effect of sensor failure on the 
innovation of a full order observer is analyzed. This leads to the introduction of the 
new concepts of modified (C,/;A)-invariant and [C,J\A) unobservability subspaces. 

Most of the contributions of this work are contained in Chapter 4. First, in 
Section 4.1, the fundamental problem of residual generation (FPRG) is introduced 
and solved. In this problem, only two failure events are present and it is desired to 
design a residual generator that is sensitive to the failure of one of the actuators 
but is not affected by the failure of the other actuator. Next, FPRG is extended 
(EFPRG) to the case where multiple failure events are present, and it is required to 
design a residual generator that detects and correctly identifies failure events in the 
presence of multiple simultaneous failures. Using the solvability conditions of 
EFPRG, the fundamental concept of a strongly identifiable family of failure events 
is introduced. In Section 4.1.2, we consider the special case where the measurement 
matrix is full column rank, i.e., the case of fully measurable state, and give a 
minimal solution to EFPRG 

In Section 4.2, a new formulation of the Beard and Jones detection filter 
problem (BJDFP) is given. Our formulation of BJDFP is somewhat different from 
the formulation that Beard gave in his doctoral thesis [3], but there are enough 
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similarities to justify the name. We show that BJDFP has a computationally 
simple solution when the failure events are one-dimensional. Also, we derive the 
interesting relation between the fixed spectrum of the detection filter and the 
invariant zeros of an appropriate system. 

In Section 4.3, we restrict the structure of the residual generator, and 
introduce the restricted diagonal detection filter problem (RDDFP). The nice 
feature of RDDFP is that when a solution to the problem exists, then the solution 
is usually of a lower order than the solution to EFPRG. It turns out that RDDFP 
is an exact dual of the restricted control decoupling problem which has been 
studied extensively in the 1970’s [49, 32, 34]. Next, we expose the relationship 
between RDDFP and BJDFP. 

In Section 4.4, the requirement of detecting and identifying simultaneous 
failures is relaxed, and the triangular detection filter problem is formulated and 
solved. This problem is an exact dual of the triangular decoupling control problem 
introduced in [33]. Finally in Section 4.5, the necessary and sufficient conditions 
for the existence of a solution to FDEFP are derived. Using the solvability 
condition of FDIFP, the important system theoretic concept of an identifiable 
family of failure events is introduced. 

In Chapter 5, the frequency domain interpretation of the results in Chapter 4 
is discussed. This interpretation is used to relate the strong identifiability of a 
family of failure events with the left invertibihty of an appropriate system, and 
hence develop a simple procedure for solving EFPRG in the frequency domain. 
Also the frequency domain interpretation is used to relate the closed-loop residual 
generators of Chapter 4 with the residual generators which are designed based on 
the generalized parity relations. This enables us to unify the residual generation 
concepts. 
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Finally in Chapter 6, we conclude our work with a summary and suggestions 
for future research. We have also included some useful definitions and additional 
results in the appendices at the end of the thesis. 
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Chapter 2 

Mathematical Preliminaries 

In this chapter, we review the geometric ideas relevant to our work. First our 
notation and the preliminary linear algebra concepts are reviewed. The reader is 
referred to [18], [16], and [50] for a more in-depth treatment of these subjects. Then 
we go over the concept of a (C',A)-invariant subspace, which forms the backbone of 
our approach to the failure detection and identification filter problem. Next, we 
give a new interpretation of an unobservability subspace based on a measurement 
mixing map. At the end of Section 2.3, we have included an example which 
illustrates the concepts developed in Sections 2.2 and 2.3. Finally, in Section 2.4, 
the issues related to the compatibility of a family of (C,A)-invariant subspaces are 
addressed. 

2.1 Notation and Background 

Theorems, Lemmas, Propositions, and Definitions are all numbered together, 
e.g., there will not be a Theorem 3 and also a Definition 3. 

With k a positive integer, k denotes the set {1,2, Similarly 

kg = {0,1, . . . ,k}, and k-1 = {1,2, . . . , If A is a finite set, |yll denotes the 
number of its elements. The symbol = means equality by definition. We denote 
the spectrum of A by cr(A). The identity matrix is denoted by I. The symbol y 
denotes union with any common elements repeated. We say A is a symmetric set if 
X G A with x complex implies x* G A, where * denotes the complex conjugate. 
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Script letters X, y, Z, ... denote real vector spaces with the elements x, y, 
z,...; the zero space and zero vector are denoted by 0 ; the empty set is denoted by 
0. The dimension of the vector space X is denoted by d{X). In this work we shall 
be concerned only with finite dimensional spaces. If the vector spaces X and y are 
isomorphic (i.e., d{X) — d{y]), we write X czi y. 

If S and T are two subspaces, then S C T means 5 is a subspace (not 
necessarily proper) of T If S and ^ are subspaces of X, then X + S and ^ H 5 are 
defined as follows; 

+ S ;= {r-hs : r E Ji, s E S}, (2.1) 

^ n S := {x : X E ^ and x E S}. (2.2) 

The family of all subspaces of X is partially ordered (see Appendix A) by 
subspace inclusion (C) (i.e., 1. 5 C 5, 2. if S C ^ and Z QT then S C T, 3. if 
S Q Z and Z Q S then S — Z). Under the operations + and n, this family forms 
a lattice (see Appendix A): namely 5 + is the smallest subspace containing both 
Z and S, and S f1 ^ is the largest subspace contained in both Z and S. The 
concept of a lattice will be used later on when we deal with the comps^tibility issue. 

Two subspaces S and Z are said to be independent if S Pi = 0. A family of 
k subspaces {W^, i E k} is independent if^ 

(E;y (2.3) 

If {)!/,, i G k} is a family of independent subspaces, their sum will be written as 


1 


Unless otherwise noted all sums and intersections are over k 
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;= )i'i © • • • e % (2.4) 

In general 0 indicates that the subspaces being added are known or claimed to be 
independent. Clearly if S and R are independent then d{S+JZ) = rf(5) -f- d{R). 

Let JTj and X 2 be arbitrary linear spaces over the field of real numbers R. 
The external direct sum of Xi and X 2 , written X^ 0 Xo, is the linear space of all 
ordered pairs 

{(il,X2) : € ^1, X2 C X 2 }, 

under componentwise addition and scalar multiplication. Note that we are using 
the same symbol for both external and internal direct sums; however, the 
distinction will be clear from the context. Sometimes it is convenient to write 
Xi 0 X 2 instead of for elements of Xi 0 Xo- 

i 

Let X and y be linear spaces over the field of real numbers K, C : X — » y 
denotes a linear transformation (or map) from X to y. Let {a:,', i E n} be a basis 
for X and {y,-, i E 1} be a basis for ]/; then 

Cxi = ci,yi + ■ ■ ■ + ci^yi, i E n, 

for uniquely determined elements c,y E R- The lX?i array is the matrix 
representation of the map C. Both maps and their matrix representations are 
denoted by capital italic letters A, B, C, ... We assume that the reader is 
already familiar with matrnx operations and concepts like rank, determinant, and 
minors of a matrix. 

Let C : X — *• ]/ be a map. The vector space X is called the domain of C, and 
y is the codomain . The kernel (or nullspace) of C is the subspace 
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Ker C := {r : x € X and Cx = 0} C X. (2.5) 

The image of C is the subspace 

Im C := {y : y E 1/ & 3x E X,y = Cx}Cy. (2.6) 

We usually denote the image of an arbitrary map C by script C. Note that the 
image and the codomain of a map are not necessarily the same because the map is 
not necessarily onto. 

k Q X, Ck denotes the image of k under C and is defined by 

j 

Ck [y:y e y &3x e = Cx} C y. (2.7) 

If S i/. C~^S denotes the inverse image of S under C and is defined by 

C-15 := {x : X € r & Cx E 5} C r. (2.8) 

Note that C~^ is the inverse image function of the map C, and as such it will be 
regarded as a function from the set of all subspaces of y to those of X. If 
C . X —* y and .^2 C X, it is simple to show 

C[k^^ ko) = Ck^ + Ck.2, (2.9) 

but in general 

c{kinJio)cckinck 2 (2.10) 

with equality if and only if 

(^j 4" ko) 0 K.er C = k^ O I\er C 4- ko D Ker C 


Dually if 5^, 52 C ^ we have 
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c-i ( 5 j n S2) = c-^Si n c-^So, (2.11) 

but 

(7-1 (Si + S 2 ) D C-i5i + <7-152. i (2.12) 

Also if {.?,■, i E k} is a family of independent subspaces, then 

<7(^1© ••• © ;2)fc) = <7;2i © ••• e CJ^k (2-13) 

if and only if 

(-^1 © ••• © >?jt)nKer<7=>CinKerC © ••• ©;2^nKer(7. (2.14) 

We say C is epic xilrnC = y (i.e., the matrix representation of C has full row 
rank). If (7 is epic then it has a right inverse <7~'’ such that CC~^ = /. We say C 
is monic if Ker (7=0 (i.e., matrix representation of C has full column rank). If C 
is monic then it has a left inverse C~^ such that C~^C = /. 

Let V C JT, d{V) = k. Since V can be regarded as a dimensional linear 
vector space, a vector v ^ V can be described as an element of either V or X. Let 
* € k} be a basis for V, and {x,, i € n} be a basis for X. Then each v^ can be 
represented as follows: 

The nXk matrix [u,y] determines a unique map V': V — <■ X. We call this map the 
insertion map of T in X. 

Let C ■. X — * y, and V C JT be a subspace with insertion map V- V X. 

The restriction of C to V is the map (C : V) : V — ► ]/, and is given by 
(C : V) ;= CV. Now suppose Im C' C C I/. We can restrict the codomain of C 
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to If W : — » ]/ is the insertion map of in 1/ then the new map 

{W: C) : X —*■ W with the restricted codomain is given by (X/ : <7) := W~^C. 

Let r be a linear vector space over the field of real numbers R. We denote 
the set of all linear functionals x ' : Jf — ♦ R by T' . This set of linear functionals 
is turned into a linear vector space over R by the definitions 

(xj' + Xo')a? := Xi'x -I- x^'x; x/ £ X‘, x Q X 
[cx^)x := c(xi'x); x^£X\ c £R. 

The vector space X' is called the dual space of X. 

If {xj, . . . , x„} is a basis for X, the corresponding dual basis for T' is the 
unique set {xj', . . . , x„'} C X ' such that x/x^ = (5,-^ where 5,^ is the Kronecker 
delta. 

Let C X y he a. map. The dual map C : y ' — »• X' is defined as 
follows. Fix Hq ^y ' and let x ^ T vary. The scalar i/qCx is clearly a function of x 
and a linear functional on X Hence there exists Xq' G X ' such that Xq'x = y^Cx. 
Now let j/q' to vary over y '. The correspondence x^i = y^Cx defines a 
transformation between y^ and Xq' which is defined to be the dual map C By 
choosing arbitrary bases for X and y, and their duals X ' and y it is easily shown 
that if C=[c,j| then 6" = [c^,]. Therefore, in matrix notation C" is just the 
transpose of C. 

If S Q X, then S-L is the annihilator of 5 and is defined as follows; 
s± .= { x' . x'5 = o, x' e r' I (2.15) 

Clearly S-i- is a subspace of X ' Thus, 0-L = X ', X-1- = 0. 


If C X and 5 C X, then 
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(je + s)-L = je-L n s-i, 

(2.16) 

(je n 5)-L = jei -H 51 . 

(2.17) 

Also 


C 5 if and only if D S-^. 

(2.18) 

We now form the dual space {Xy of X'. Fix Xq£X, 

2 := (r')'by 

and define z in 

Z{y •) = y 'xq, y‘eX'. 

(2.19) 

Note that ziaiyi+a^yo) = ^ hence 

functional on X *. Also for every linear functional zq G 2, there is 
such that 

2 E Z is a linear 
a vector Xq E X 

-’’0(y ') = y 

(2.20) 

for every y'G X'. Equations (2.19) and (2 20) provide a basis independent natural 
isomorphisim Z ~ I", and from now on we identify (X')' as X. Thus, if ^ C X 
then 

(;e-L)-L = 

(2.21) 

Let C : r ^ ]/, je C r, and S C J/; then 


(Im C)1 = Ker C 

(2.22) 

(Ker C)-! = ImC7', 

(2.23) 

(C2}± = (C'}-^J^1 

(2.24) 

(C-^S)± = C'S±, 

(2.25) 
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(7^ C 5 if and only if J? C C~^S, 

(2.26) 

C{C-^S) = S Dim C, 

(2.27) 

C-^ [CR.) = je + Ker C. 

(2.28) 

Using the above identities, the subspaces >5-1-5, >5 fl 5, and A“^5 can be 

computed with the following matrix algorithms. Let R : Z -* X and S : S -* X 

* 

be the insertion maps. Let B-L (S-L) be a maximal solution (i.e., a solution with 
maximum rank) of R-^R = 0 (5-1-5 = 0); then 

R + S = lm[R, 5], 

(2.29) 

>5 n 5 = Ker , 

_5-i- _ 

(2.30) 

A-^R = Ker [B-La]. 

(2.31) 


We shall use the following trivial facts throughout this thesis. 

Proposition 1: Let Band <7 be arbitrary nXm and nX / matrices 
with entries in an arbitrary field F. Then the linear matrix equation 

BX=C (2.32) 

has a solution for X if and only if Im (7 C Im B Thus, (2.32) has a 
solution if B is epic Similarly, 

XB = C (2.33) 

has a solution for A" if and only if Ker B C Ker C Thus, (2 33) has a 
solution if B is monic. ® 

Now we work out an example to familiarize ourselves with using matrices in 
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representing subspaces. Let Tj = Im Tj and T2 = Im T2 where and To are 



’ 1 

1 

0 


1 

0 ‘ 

II 

0 

1 

II 

-1 

0 

1 

0 

1 

0 


1 

0 

1 


In our terminology and To are the insertion maps of and T>. First we find the 
annihilators of Ti and 7^ (see (2.15)). Obviously these subspaces are the left 
nullspaces of Tj and T2. 


Ti-L = Im 


1 

0 0 
1 

C r', To-L = Im 

’ 1 ‘ 
1 

LiJ 


1 

0 

1 


c r'. 


Now we compute the fl T2 using (2.30). 



‘00 1 ‘ 


1 

Tj n T2 = Ker 

1 10 

= Im 

-1 

0 


Obviously fl "I9 C and in the given basis, fl To considered as a subspace of 
has the representation [1 —1]' because 


1 


’ 1 

0 


1 

-1 

= 

0 

1 


-1 

0 


0 

0 



Keeping this in mind, we compute the inverse image of To under T^ using (2.31). 


ri-l(ro) = Ker[[110] 


’10' 

) = Ker [1 1] = Im 

’ 1 ' 

0 1 


-1 

0 0 




Note that Ti~^[To) = H T2) as should be . 


Let S C JT. We say vectors x, y E X are equivalent mod S if x—y E S (see 



-27- 


Chapter 7 of (16|). Clearly equivalence mod S is a relation satisfying the reflexive , 
symmetric , and transitive properties (see Appendix A). Each vector x ^ X has 
associated with it an equivalence class w defined as follows: 

w := {y : y G X, y-i G 5}. (2.34) 

If we take two equivalent classes Wi and mo and add the elements of with 
arbitrary elements of wo, then all the sums belong to one and the same class, which 
will be called the sum of the classes Wi+W 2 - Similarly, if all the elements of the 
class w are multiplied by a number a G R, then the products belong to -one class 
which will be denoted by a w. Hence, the set of all equivalence classes w^, w- 2 , 
with the two operations addition and scalar multiplication as defined, form a linear 
vector space, which is called the factor space X/S. It is simple to see that 
d{X/S) — d[X) — d{S). For x ^ X the element m E X/S\% the coset of X mod S; w 
is sometimes written x + S. The map P : X -* X/S such that w = Px \s called the 
canonical projection of X on X/S. Obviously Ker P = S and P is epic. 

Let A : X —* X. A subspace 5 C X is .4- invariant if A S C S . Let S C X be 
A-invariant and P: X -* X/S be the canonical projection. There exists a unique 
map (A: X/S): X/S — » X/S such that [A:X/S)P=PA. A: X/S is the map 
induced by A on the factor space X/S. Let 5: S — »• X be the insertion map. 
There exists a unique map (A ; S) : S — *■ S such that A5 = 5(A : S). A : S is the 
restriction of A to S with the restricted codomain S (i e., short for S : (A S)). Let 
Z be any subspace such that X = S © Z, and let {r-, i E k} be a basis for Z. 
Choosing a basis {Sj, ;E 1} for S, we see that in the basis (s^, . . . ,rj^} for X the 
matrix representation of the map A has the following form 


l 
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A = 


Ai A3 
0 A 2 


(2.35) 


Aj and A 2 are the matrix representations of the maps A: S and A-.X/S 
respectively. The block-diagonal structure of A in this new basis clearly shows that 


<t(A) = <t{A ; S) y (t(A ; X/S). (2.36) 

If S and T are both A-invariant subspaces and S Q T, we write A'.T/S for the 
operator induced by the restriction of A to T on the factor space T/S. 

The maps A \ X X, B : U I, and C : T 1/ {d{X) = n , d[y) = / , 
d{U) =m ) will be fixed throughout and are associated with the system 

S : i{t) == A x{t) + B u{t), y{t) = Cx{t). (2.37) 

We refer to (2.37) as the ’’system (C,A,jB)” or ’’system E” interchangeably. 

We write B = lm B and 


<A\B> ;= S-f- AS+ • • • -h A^-^5 (2.38) 

for the infimal A-invariant subspace containing B, i e., the controllable subspace of 
the pair [A,B). We write K = Ker C and 

<K\A> := xn A“ix:n • • • riA-'^+ix’ (2.39) 

for the supremal A-invariant subspace contained in K, i.e., the unobservable 
subspace of the pair (C,A). 

i 

Consider the system E given in (2.37). Let S C T be A-invariant, S C Ker C, 
and P. X -+ XJShe the canonical projection. The symbol E\ X/S denotes the 
factor system defined by the triple [Cq,.Aq,Bq) with A^ := A: X/S, Bq := PB, 
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and Cq the unique solution of CqP = C which exists because S = Ker P C Ker(7 
(see Proposition 1). Therefore, if S is the unobservable subspace of the system E, 
then E ■. XJ S is the system with the unobservable subspace factored out, and thus 
is observable. 

Proposition 2: Let S Q X he yl-invariant. Let S : S -* JIT be the 
insertion map, and [C,A) be observable. Then (CQ,>iQ) is observable where 
Cq := (C : S) (i.e., Cq = CS) and Aq := {A: S) (i.e., Aq is the unique 
solution of AS = 5Aq). 

Proof: Because {C,A) is observable, 

0 = Ker C n Ker CA n • • • fl Ker CA^~'^. 

Taking the inverse image under S of both sides and remembering that S is 
monic and 5“^ (Ker C) = Ker CS, then 

5-lQ = 0 = Ker C5 n Ker CAS n • • • D Ker CA^-~^S. 

Substituting for CS and .45, we have 

0 = Ker Cq fl Ker CqAq D • • • f! Ker CqAq^~^. 

i 

Thus (Cq,A^) is observable. 0 


2.2 (C,4)> in variant Subspaces 

As we noted in Chapter 1, the essence of the geometric approach is to look 
for subspaces that solve our design problem. In the failure detection and 
identification problem, our goal is to design an observer. Hence, characterizing the 
invariant subspaces of A+DC (i.e , the eigenspaces of the closed loop filter) is 
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fundamental to our synthesis problem. With this motivation, the concept of a 
(Cj^j-invariant subspace is introduced. 

Definition 3: Let A . X —* X. and C.X—*y. We say a 

subspace TJ/ C Z is (C,^)- invariant if there exists an output injection map 
D : y —* X such that [2, 50, 47] 

(A+DC7) VfQ-W . (2.40) 

0 


The class of D for which (2.40) holds will be denoted by D{W). Given any 
(C, A)- invariant subspace, it is simple to characterize the elements of Let 

W: Vil ^ X be the insertion map and P be a maximal solution (i.e., a solution of 
maximum rank) of PW=0. Then it is immediate from (2.40) that D G D{W) if 
and only if Z) is a solution of l 

P[A-^DC)W = Q. (2.41) 

Given a subspace W, it will be fruitful if we can tell whether it is 
(C,A)-invariant or not without computing a Z) G DjW). The following lemma 
provides an answer to this problem, and so is of fundamental importance. 

Lemma 4: A subspace is ((7,A)-invariant if and only if 
A(H^nKer C) C (2.42) 

Proof: (if) Let Wj, . . . be a basis for W such that 

Wi, . . . ,wj^ spans ll/fl Ker C. From (2.42) Au', = -s, (z G k) for some 
s,- G Also {A+DC)w^ = s, (z G k) for arbitrary D because 

Wf G Ker C (z G k). Now, denote AWj = Xj{k <. j < p) for some 
Xj G X. Let Z) be a solution of 
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DC\w^^y . . . ,Wp\ = -{xk+i, . . . ,Xp\ (2.43) 

which exists because . . . ,Wp] is monic. With this D, clearly 

(A+Z)C)w,- = s,- (i € p) for some s- € and [A+DC) W Q W follows 
immediately. 

(only if) Let W be (C,A)-invariant. Let {w^, i G k} be a basis for 
"W n Ker C. By hypothesis, [A-hDC) W G W; thus {A-\-DC) G W. But 
Cw^ = 0; therefore, Aw,- G and we have A (WD Ker C) G W. 0 

It is clear from (2.43) that any Dq such that DqCwj= Vj ^ P)i for 

a^ny Vj € is also a member of ^{W). Thus, if Z) G ^(^) then a sufficient 
condition for Dq G ^ “W) is 

(D-Dq) CW G W. (2.44) 

This condition is also necessary as is obvious from (2.40). Let P: X —* X/IV be 
the canonical projection. Clearly, (2.44) implies that if G D{W) and PD = PDq 
then Dq G D{W). Moreover, if C is epic and W ■+■ Ker C = X, then it follows from 
(2.44) that for all D, Dq G ^(^). PD = PDq. 

From the definition of a {(7,A)-invariant subspace, it is obvious that yi) is 
(C,A)-invariant if and only if W is (C,A+Z)o^)'ii^''ariant for any arbitrary map Dq. 
Also, any A-invariant subspace is automatically (C,A)-invariant (simply choose 
D = 0). 

Consider the system given in (2 37) with B = 0. We can state the concept of 
a (C,A)-invariant subspace in terms of designing an observer that estimates a 
certain linear transformation of the states. This concept is due to Willems [47] and 
is formalized in the following proposition. 


Proposition 5: .A subspace "M/ is (C,A)-invanant if and only if there 
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exist matrices E and F such that u;(0) = Fi(0) yields w{t) = Px{t) for 
^ > 0 where 

w{t] — F w{t) -1- E y(t], (2.45) 

and F; r — * X/"W is the canonical projection of Ml. \ 

Proof: (if) Let Ml be (C,yl)-invariant, then by definition there exists 
a D such that [A+DC) MJQ'W. Let P. X — *■ XfM) be the canonical 
projection of Ml and w{t) := Px(t). Let us define F and E as follows; 

F := A+DC ; X/MI and E := -PD. (2.46) 

Then 

u;(f) = Px{t) = PA x{t) 

= PA x{t) + PDC x{t) - PD y{t) = FP i(0 - PD y{t) 

= Fw{t) -I- Ey{t). 

(only if) Let x{t) £ Ker C; then obviously y[t) = 0 and 

w{t) = F w{t] = P x{t) = PAx{t). 

Moreover, if x(<) G Ker C, then w(t) = 0, and the above relation 

implies PA x(t) = 0. But this implies that A x(i) £ Ml Hence 

A (Ml n Ker C) C M>, and using Lemma 4, it follows that Ml is 
(C7,A)-invariant. 0 

The philosophy behind the interpretation of Proposition 5 is to give special 
attention to those outputs w(t) = Px(t) which, with KerF=H/, may be 
reconstructed exactly from y(t) [47]. 

Assume contrary to the assumption we made previously that B ^ 0. Then a 
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simple computation shows that the result of Proposition 5 still holds if we add the 
term PB u{t) to the right hand side of (2.45). Now if the subspace "W is such that 
Im 5 C W, then obviously PB=0. In other words, the observer given in (2.45) 
does not need to have any knowledge of the input to the system, u(/), in order to 
perfectly estimate Px[t), e.g., even if the actuator fails and its behavior is unknown, 
the observer is still capable of perfectly estimating Px[t) given the initial conditions 
are perfectly known. 

For completeness, we go over the concept of an (A,B)-invariant subspace and 
exploit the duality that exists between an (A,jB)-invariant and a (C,>l)-invariant 
subspace. We say a subspace V C X is (A,B)- invariant if there exists a state 
feed-back map F : X U such that (A-f-B/^ V C V [50, 45j. Obviously, 

(A,jB)-invariant subspaces will be useful when we try to use state feedback to 
modify the characteristics of the plant. It is simple to show [50, Lem. 4.2] that V is 
(A,5)-invariant if and only if 

AVCV+lmB. (2.47) 

Similarly, it is immediate from the definition that V is (A,5)-mvanant if and only if 
it is {A+BFQ,ByinyB.TisLnt for any arbitrary map Fq. Also any A-invariant subspace 
is automatically (A,B)-invariant (simply choose F= 0). 

Theorem 6: Let 'W Q X. It' is (C',A)-invariant if and only if is 
(A ',C ')-invariant. 

Proof; (if) By hypothesis H' is (C,A)-invariant, thus 


(A+DC) H/ C H/ 
WQ{A+DC)-^'W (by (2.26)) 
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Wl D (A '+C 'D ')W-i (by (2.25)). 

Therefore, is (A ',C')-mvariant. 

(only if) By hypothesis W-^ is (A ',C")-invariant. Therefore, using 
(2.47) we have 

A'H/-L C li'-L -f-ImC' 

A-^WDWn Ker C (by (2.21), (2.22), and (2.24)) 

A{WnKeTC)CW (by (2.26)). 0 

Now we continue with exploring the properties of a family of (C,A)-invariant 
subspaces. Let L C X. We denote the class of (C',A)-invariant subspaces 

containing L by }V{L). Using this notation, the class of all (C,A)-in variant 

* 

subspaces of X can be written as )V(0). 

Lemma 7: The class of subspaces ]V[L) is closed under 

intersection. 

Proof; Let Wi E jW^(L) and "Wo ^ Then obviously 

L C "Wo", hence, L Q Moreover, from (2.42) 

A (Ti'i n Ker C) C 
A [^2 n Ker C) C m, 

A (l^i n Ker C) n A (m, n Ker C) C n ^2 

A ()l/i n m, n Ker C) C )Vi n w> (by (2.10)). 

Thus WiDW 2 e 1(1). 0 


Unfortunately, the family of all (C,A)-invariant subspaces of X is not closed under 
subspace addition (e.g., the sum of two (C,A)-invariant subspaces is not necessarily 
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(C7,A)-invariant); thus thb family is not a sublattice of all subspaces of X. 

Because ^L) is closed under intersection, it follows immediately that it 
contains an infimal element Vi}* := inf ^{L) [47). By an infimal element of a 
family we mean a member of the family that is contained in all other members of 
the family. 

Now let L Q X. We denote the family of (A,J5)-invariant subspaces 
contained in L by V(jC). It is simple to show that V(I) is closed under addition 
(50); therefore, it contains a supremal element V* := sup V(£). By a supremal 
element of a family we mean a member of the family that contains all other 
members of the family. 

These extremal subspaces have interesting system theoretic interpretations. 
Consider the system i7, and let W* .= inf W{B). A choice of output injection map 
D G amounts to rendering the system minimally controllable from the input 

u (i.e., the subspace <.A+DC\B> will be as small as possible). This interpretation 
of W* will be useful in FDI as we shall see in Section 4.2. Systems for which 
}V* = X are called perfectly controllable , since the controllability of such systems 
cannot be altered by output injection. 

Another interesting property of W* is that 

W* C <A\B>. (2.48) 

Note that <.4[S> is A-invariant and also B C <.4|5>. Hence, <A[B> is 
naturally (C,A)-invariant, and we have <A|S> G }V(B). Using the definition of 
W*, (2.48) follows immediately 

Dually, let "V* := sup T^Ker C). A choice of state feedback F G ^^) 
amounts to rendering the system maximally unobservable from the measurement y 
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(i.e., the subspace <Ker C]A+BF> will be as large as possible). Systems for which 
V* = 0 are called perfectly observable [23], since the observability of such systems 
can not be altered by state feedback. 

The dual of (2.48) is also true. Namely 

<Ker C\A> C V*. (2.49) 

The derivation is dual to the one given for (2.48). 

The extremal subspaces W* and V* are also useful in checking the right and 
left invertibility (cf. [38]) of a given system. Because the concept of left invertiblity 
will be used later on in formulating the failure detection and identification problem, 
it is helpful to formally state it in here. 

Definition 8: Consider the system 17, and assume x(0) = 0. We 
say i7 is left invertible if y{t) = 0 for f > 0 implies that u{t) = 0 for f > 0. 

<s> 


Clearly, this definition is equivalent to requiring that the transfer matrix 
C{sI—A)~^B has a left inverse (i e., the columns of the transfer matrix are linearly 
independent over the field of rational functions). 

Now we state the result which relates the invertibility of a given system to 
the extremal subspaces "W* and V*. 

Proposition 9: Consider the system (C,A,B). Let 

W* := inf ll^Im 5) and V* := sup V(Ker C). For the moment let 
/ < m. Then the system {C,A,B) is right invertible if and only if C is epic 
and 


Ker C + Ml* = X. 


(2.50) 
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Now let / > m. Then the system [C,A,B) is left invertible if and only if B 
is monic and 


Im B n V* = 0. 


(2.51) 

0 


i 

« 

We refer the reader to [34] (also see Exc. 4.4 of [50]) for a complete derivation of 
the above proposition. Using Proposition 9, it follows immediately that every 
perfectly controllable system with C epic is right invertible. Dually, every perfectly 
observable system with B monic is left invertible. A perfectly observable and 
perfectly controllable system with C epic and B monic is called irreducible [8j. 
Note that an irreducible system is square and invertible. 


Now we state the definition of input observability (cf. [38]). 


Definition 10; We say the system {C,A,B) is input observable if B 
is monic and 


<Ker C\A> n B = 0. 


0 


We can give a more intuitive interpretation of an input observable system. 
Consider commanding the system [C,A,B) with a step input of strength Uq, and 
observing the system output y{t). This system is input observable if and only if we 
can uniquely determine Ug from observing the output y{t) for f > 0 [38|. .-yso it is 
simple to show that the system B is input observable if and only if there does not 
exist a nonzero mXl constant vector / such that C[sI—A)~^Bi — 0; i.e., the 
columns of the transfer matrix are linearly independent over R. 

The concept of input observability is closely related to the concept of left 
invertibility. As a matter of fact every left invertible system is input observable. 
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This simple fact follows immediately from Proposition 9, (2.49), and Definition 10, 
but the converse is not necessarily true. For example, the following system is input 
observable but not left invertible. 



1 

o 

CO 
1 


■ 1 -3 ■ 


' 0 1 o' 

A = 

12 3 

,B = 

0 1 

, c- = 



1 

lO 

(M 

o 
1 


0 0 


0 0 1 


Note that the transfer matrix of this system is simply 


= ., 3 _ 7,2 


8'^— 7a"^+3+7 


(s-5) (s-3)(s-5) 
2 2(s-3) 


which is not left invertible since the columns of G(s) are linearly dependent over 
the field of rational functions. However, there does not exist any nonzero constant 
vector / for whcih G{s) / = 0, so the system is input observable. 

However, if the system is single-input and multi-output, then input 
observability implies left invertibility. 


Lemma 11: Consider the system (C,A,B) with B monic and 

d{B) = 1. The system {C,A,B) is left invertible if and only if it is input 
observable. 


Proof: From the remark preceeding the lemma, we need only to 
prove the sufficiency. Assume (C,A,B) is input observable but not left 
invertible. Let V* be as defined in Proposition 9. Because d(B) = 1, using 
(2.51) and the assumption of non invertibility we have SC V*. From 
(2.47), we know AV* G V* + B or equivalently AV* C V* But 
<Ker ClA> is the largest A-invariant subspace in Ker C. Therefore, 

B G V* G <KerC|A>. Obviously, this contradicts the assumption of 
input observability 0 
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Now we give a finite recursive algorithm for computing the infimal element of 
the family yi^L). 

Theorem 12: ((C, A)- invariant subspace algorithm) Let L E X and 
IV* infill). Then )l/* = lim where satisfies the following 
recursion (50j 

CAISA = L +A(#nKer C), 11^0 = 0. (2.52) 


We can simply implement CAISA in terms of matrices. Let Im L = 1 and 
P* be a maximal solution of P^W* = 0. With VV^ = 0 solve the following 
equations recursively. 


pk 

C 


r* = 0 and 




(2.53) 


Stop when Rank = Rank W^] then = Im IV'*. Obviously the algorithm 

should converge for k < n. 

A similar algorithm for computing V* is given in Chapter 4 of |50]. Van 
Dooren [43] has recently published a reliable algorithm for computing V*. His 
algorithm is quite elegant and can be dualized for computing W* We also refer the 
reader to [27] for another reliable algorithm for computing V*. 

The following pole placement result will be useful when it is desired to design 
observers that play the twin roles of being detection filters and full state 
estimators. 


Proposition 13: Let (C,A) be observable, "W E }1^(0) with 

<f()l/)= m , and P- X -* X/'W the canonical projection. If Dq E ^(H^) 
and A is an arbitrary symmetric set of m complex numbers, there exists a 



D : y —* JC such that 


-40- 


PD = PDq (2.54) 

a{A+DC) = a{A+DC : IfWi W A. (2.55) 

Proof: Let W:W-*X be the insertion map and write 

Aq = (^-l-£>oC : ^V). Clearly WA^ = [AaDqC)W ^nd C : W = CW . Using 
Proposition 2, observability of {C,A) implies that [C\V,Aq) is observable. 
Therefore, there exists a Di '. y W such that a{A^+DiCW) = A . 
Define D = Dq + WDi. Then PD = PDq because FW=0 ‘, therefore, 

D e D{W). Also {A+DC : W) = {A+DqC : W) + D^CW= Aq + D^CW- 
thus 


(t{A+DC) = (t{Aq + D^CW) l±) (t{A+DC : XIVi) 

= Ai±l<T(A-HDC: r/)V). 0 

In Proposition 13, we did not mention whether it is possible to assign the spectrum 
of A+DC: r/)V arbitrarily. It turns out that in general this is not possible, and 
this will be the topic of the next section. 

1 

2.3 Unobservability Subspaces 


In Proposition 5, we gave an alternative interpretation of a (C,A)-invariant 
subspace in terms of designing an observer which estimates a linear transformation 
of the states. However, in that discussion we said nothing about the error 
dynamics of the observer. Let "W be (C,A)-invariant, and P T — >■ XfW the 
canonical projection. Consider the observer given in (2 45), and define the error 
vector e(t) := w[t) — P i{t). It follows immediately that e(t) satisfies 


e[t) = w{t) — P x[t) — F w{t) + E y{t) — PA x{t) 
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= - P[A+DC) x(i) = F(w(i) - Px(t)} 

= Fe(t). (2.56) 

If, contrary to the assumption in Proposition 5, e(0) ^ 0, then the error dynamics 
become relevant, and they are characterized by the spectrum of F as given in 
(2.56). Therefore, the case that <r(F) can be assigned arbitrarily is of special 
interest. Unfortunately, if W is only (C,A)-invariant, it is not always true that the 
spectrum of F can be assigned arbitrarily. Based on these ideas, we introduce the 
concept of an unobservability subspace. 

Definition 14: We say a subspace 5 C JT is a (C,A) 

unobservability subspace (u.o.s.) if 

S <Ker ffCjA+DC> ^ (2.57) 

for some output injection map D \ y X and measurement mixing map 

H-.y y. 0 

Later on, we shall derive the relation between the pole assignability of F and the 
definition of a u.o.s. 

It is clear from the definition that a u.o.s. is (A-f-DC')-invariant; thus it is a 
(C,A)-invariant subspace, and D(S) 0. (Recall that D(S) denotes the class of all 
maps D : y —*■ X such that (A+DC) S C S.) We use the notation S(£) for the 
class of u.o.s. containing L. Using this notation, the class of all unobservability 
subspaces of X can be written as S(0). 

Dually, we say a subspace is a controllability subspace if 

Ji. = <A-f-5/^Im BG> for some state feedback map F: X -* U and some input 


mixing map G : U —>■ IL (see Chapter 5 of (50, 45]). .\pplying the duality relations 
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(2.23) and (2.17) to (2.57), we conclude immediately that 
Si = < A '+C >D '|Im C '> , 

and Si is a controllability subspace of the dual system. 

Now we try to eliminate the appearance of H in (2.57). The following 
proposition is the dual of the Propsitions 5.2 and 5.3 of [50]. 

Proposition 15: Let SCI. Then S £ S(0) if and only if there 
exists a map D : y X such that j 

S = < Ker C -I- S\A-¥DC > . (2. 58) 

Moreover, if S £ 5(0), then (2.58) holds for every map D £ D{S). 0 

Using the above proposition, if we are given a u.o.s. S, then a measurement mixing 
map H can be computed from S by solving the equation Ker HC = Ker C + S. 

It is clear that S defined in (2.57) is the unobservable subspace of the pair 
[HC,A+DC)\ therefore, if this subspace is factored out according to the procedure 
given in Section 2.1, then the resulting factor system Is observable, and its 
spectrum is arbitrarily assignable. This fundamental property is stated in the 
following theorem. 

Theorem 16: Let S be a u.o.s. with d[S] = k. For every 

symmetric set A of n—k complex numbers, there exists a map D . y X 
such that 

(t{A-^DC ■. XIS) = A. (2 59) 

Proof: Because S is a u.o s., there exist Dq and H such that 
S— <iKer HCIA+DqC^. Note that Dq can be computed from (2.41), 
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and i/ can be computed from Proposition 15. Let P: X -* X/S be the 
canonical projection, and consider the factor system defined by {Cq,A^) 
where := [A-\-DqC : X/S), and Cq is the solution of CqP= HC (e.g., 

Cq = HCP~^). Clearly (Cq,j4q) is observable; therefore there e)^sts a Dj 
such that — A for an arbitrary symmetric set A. Let 

D = Dq + P-W^H. (2.60) 

From (2.60), [D—D(^CS = 0, and using (2.44), we have D G D{S). 
Clearly, this D satisfies all the requirements. 0 

The reader should note that we can use any technique we please to find the 
map Di- For example, one possible choice is to design a (steady state) Kalman 
filter for the observable system {Cq,A^) and set equal to the steady state 
Kalman gain. 

The converse of the above theorem is also true, and its proof is the dual of 
the one given in Theorem 5.2 of [50). Here we just state the result. 

Theorem 17; Let S C Z be a subspace with d(S) = k. Suppose 
that for every symmetric set A of n—k complex numbers there exists a 
map D . y —* X such that [A+DC) S Q S and C7(A+DC ■ Xf S) = A, then 
S is a u.o.s. 0 

Using the last two theorems, it is clear that the spectrum of F given in (2.56) is 
arbitrarily assignable if and only if VJ is an unobservability subspace. 

As with }i^(il), the family of u o.s.'s S(L) is closed under intersection; 
therefore, it contains an infimal element S* .= inf S(£) [47j. We give two 
different algorithms for computing S*. Both algorithms require a precomputation 
of W* which requires the use of C.AJSA. The first algorithm, like the CAJSA, is a 
recursive procedure. The second method is not a recursive procedure but requires a 
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computation of the map D. 

Theorem 18: (Unobservability Subspace Algorithm) Let L C X, 

W* ;= inf }^L), and S* := inf 5(1). Then, S* = lim where 5* 

• satisfies the following recursive relation [50|. 

UOSA = W* + (A-lS*) n KerC, 5 ° = r. (2.61) 

0 


It follows immediately from the above theorem that 


Ker C + = Ker C + S*. 


(2.62) 


Now we restate UOSA in terms of a matrix algorithm. Let Im VU* = Let 
be a maximal solution of P^S^ = Q. With 5® = /, solve the following equations 
recursively; 


C 


r* = o 5^+1 = [VP, r*j. 


Stop when Rank = Rank 5*^; then Im 5* = 5^*. Note that the algorithm 
converges for k < n. 

A similar algorithm for computing Z* is given in Chapter 5 of [50] Also an 
stable implementation of this algorithm is given in [43] (see also [27]). The dual of 
this reliable algorithm can be used to compute S* 

The second method of computing S* is as follows 


Theorem 19: Let L C X, and S* = inf S(L). Then 


S* = <Ker C + W*lA+DC> 
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for W* := in[ W[L) and D e D(W*) [50, Dual of Thm 5.5). (g) 

The reader should note that the above algorithm is of mostly theoretical value, and 
in actual practice other more numerically reliable algorithms should be used (see 
[43] and [27]). 

As an immediate corollary of Theorem 19, we have the following important 
result: 

D(W*) C D(S*) . (2.63) 

Stated in words, (2.63) implies that every map D which makes W* [A+DC)- 
invariant also renders S* (A-j-DC)-invariant. 

As we stated previously, if V is an arbitrary (C,A)-invariant subspace, the 
spectrum of A+DC-.X/V is not usually arbitrarily assignable. The following 
proposition will help us to identify the fixed eigenvalues. 

Proposition 20: Let V be (C,.4)-invanant, S* = inf S(V), and 

D E ^(^)- Then 

<t{A+DC : Z’/'l’) = (T. I±) cr 

where 

:= (t{A+DC : X/S*) 

is freely assignable by a choice of £> E D{V), but 
tr, := (t(A+DC : S*/V) 

is fixed [50, Dual of Thm. 5.7], Moreover, if V = inf )V(Im B), then cr, 
corresponds to the set of invariant zeros (see .Appendix B) of the system 
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(C^,B) [9, 15). ® 

For completeness, a brief review of the concepts of invariant and transmission zeros 
of a multivariable system is given in Appendix B. 

Most of the results in this section are stated without any proof. Our main 
goal is to apply these results to our problem instead of re-deriving them. However, 
the interested reader can dualize the proofs given in Chapter 5 of [50|. 

Now we give a numerical example to illustrate some of the concepts that we 
have reviewed in the past two sections. Consider the system [C,A,B) with 

’2-10] To' 

A= 000, B= 0 , C= (0 1 0 ]. 

-1 0 0 J [ 1 J 

Using CAISA and UOSA, we can compute W* := inf }V[B) and S* .= inf 5(B) 
Carrying out the calculation, H/* = Im W'and 5* = Im 5 where 



Now we want to characterize the elements of ^(5*). Let D = [d^, do) ^ 3 ] '■ Using 
(2.41), D G D{W*) should satisfy 

'1 0 0 1 r 2 -1-Hd^ 0 1 r ® ' 

0 1 0 J 0 do 0 0=0. 

[ -1 d“ 0 J [ 1 _ 

Clearly any D satisfies the above relation. Mso remember that Dl'W*) C D{S*y, 
therefore, any D = [d^, d.i, d^\ ’ also belongs to D[S*). 

Let P: X —* X/W* be the canonical projection and r = [x^, i.i, X 3 I '. By 
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Proposition 5, we should be able to design an observer which reconstructs Px = 
(xj, XoJ Note that because B C "W*, the observer does not need to know the input 
u[t) in order to successfully estimate Px, assuming the initial condition is perfectly 
known. In a failure detection context, this means that the observer can estimate 
Px even if the actuator fails and its behavior is unknown. Let D E P(^) and 
^ = A+DC] then F= A^ : XfW is simply 



' 1 

0 

0 ‘ 


2 

-1+d, 

0 ‘ 


’ 1 

0 ‘ 


’ 2 

-l+dj 

^^2 

F = 

0 

1 

0 


0 

do 

0 


0 

1 

= 

0 





-1 

4 

0 


0 

0 





Moreover a simple computation shows that 



Evidently, one of the eigenvalues of F is fLxed in the right half plane and cannot be 
moved. Therefore, if the initial observation error is not zero, then we cannot 
reconstruct Px. However, we show that this is not the case for a u.o.s. 

Consider the u.o.s. S* defined and computed at the begining of the example. 
Let P: r — » X/S* be the canonical projection. Then obviously Px = x.i, and we 
should be able to asymptotically reconstruct Xo even if the initial conditions are not 
properly chosen. Also to reconstruct xo, the observer does not need to know the 
input u{t). Let F = Aq X/S*, then 



2 -1-hdj 

0 d^ 

0 ' 


’ 0 ' 

F= [010] 

0 


1 


1 

1 

0 


0 


Clearly, the spectrum of F is arbitrarily assignable, and E = —PD = —do- The 
filter which reconstructs x.o is simply 



w{t) — ^ 2^0 ~ 


-48- 


Now we want to find the invariant zeros of the system {C,A,B). Let 
D € and = A+DC\ then >1 q • S* is simply 

’ 0 0 1 1 r 2 -1+dj 0 1 r 0 1 1 r 0 -1 ' 

^:S*=[lOoJ 0 ^2 0 00=[o 2 

[ -1 d“ 0 J [ 1 0 J 

Let us denote the insertion map of W* in S* by W^. Then obviously = [ 1 0 ]', 
and the canonical projection P: S* -* S * is simply P= [01]. Thus, 

Aq : S*/W* = [ 0 1 I r 0 -1 1 r 0 1 = 2. 

[0 2 J [ 1 _ 

Note that the transfer matrix of the system {C,A,B) is 0, but the system has an 
invariant zero at s = 2 which is identical to Aq : $*11^* as we expected. 

2.4 Compatibility of a Family of (C,A)-invariant Subspaces 

Assume i G k} is a family of (C,A)-invariant subspaces It is clear from 
the definition that each can be made invariant by appropriate output injection, 
i.e., there exist Z),- such that (A+D,C) W- C (< G k). It will be rewarding to see 
what additional constraints t G k} should satisfy in order to be assignable as 
the invariant subspaces of just a single observer. In other words, we ask under 
what conditions does there exist a map D such that (A+I>C) W- C (i G k), i.e., 
under what conditions is ^(^i) ® To formalize this idea, we introduce 

the concept of compatibility. 

Definition 21: We say a family of (CjAI-mvariant subspaces 

i G k} is compatible if there exists a map D : y X such that 



[A^DC) Wi C Wf, i e k. 
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(2.64) 

0 


We can state the compatibility property in terms of the solvability of a set of 
linear equations. The following result is an immediate consequence of (2.41). 

Lemma 22; Let a €k} be a family of (C, A)- invariant 
subspaces, W,- : — * JC (a € k) be the insertion maps, and P, be the 

maximal solutions of = 0; then the family {W^, i G k} is compatible 
if and only if the set of linear equations 


P-AWi = -P^DCWi, i G k, 


(2.65) 


has a solution for D. 


0 


Now we introduce a property of a family of subspaces that will be used to 
address the compatibility issue. To simplify the notation, we define 




.IV 


«■ 

J 


( 2 . 66 ) 

(2.67) 


Definition 23; Let [IV^, i G k} be a family of subspaces of JC. We 
say a'Gk} is a codependent family of subspaces of X if the 
annihilators of the family are independent, i.e.. 





or equivalently n*_j -t- W^) = X . 


0 


Lemma 24; A family of codependent (C,A)-invariant subspaces 
{ IV,, i G k} is compatible. 


Proof; Let D, G D{W,) {i G k). Let P, : X X/W,^ be the 
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canonical projection. Because the family i G k} is codependent (row 
spaces of P,- are independent), P defined below is epic. 



Therefore, using Proposition 1, there exists a Z>q such that P,£>,- = P,Pq 
(a G k). Thus Dq G and consequently a'Gk} is 

compatible. 0 

The following proposition shows how the codependence of a family of u.o s. 
will result in a filter with all of its eigenvalues arbitrarily assignable. 

Proposition 25: Let {C,A) be observable, and {5,-, a'Gk} be a 
family of codependent unobservability subspaces. Let A, (a G ko) be a 
family of symmetric sets with = n— d(S,), : G k, and 1/1 q| = d(n 5,). 
Then there exists a 

such that 

<7{A+DC : r/5,) = .1, 

<r(A+£)0 = A,.. 

Proof: Because 5, is a u.o s., there exists a. D^ . y —* X such that 

a{A+D,C : X/S,) = A,. i 

Let P, : r — <• X/S^ be the canonical projection Because {5„ : G k} is 
codependent, from Lemma 24 we know there exists a Dq such that 
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thus Dq e Let S := = Ker P. Clearly Dq G D{S) 

and 

ffM+CoC:r/s) = w‘^,.i,. 

Also by Proposition 13, there exists a. D : y — ► JT such that PD = PDq 
and a{A+DC : S) = thus 


<t{A^DC] = Aq W (t{A+DC : X/S) 



A,. 




In order to provide a more general sufficient condition for compatibility, we 
need to introduce the concept of the dual radical of a family of subspaces. The 
concept of the radical of a family was first introduced in [50]; here, we shall dualize 
these original results and later on apply them to our problem. Assume i G k} 
is a family of subspaces. Associate with this family a subspace defined as follows: 

W := (>!/,•)“ := IV,). (2.68) 


We shall call )V the dual radical of the family i G k} Using the above 
definition, a family i G k} is codependent if and only if ()V,)® = X — see 
Definition 23. Qualitatively, we can think of )V as a measure of codependence of a 
family of subspaces. Also, another important property of TV is that it can be used 
in constructing a family of codependent subspaces from a given non-codependent 
family of subspaces. We now state a few simple facts about the dual radical of a 
family of subspaces. The dual of these results are given in Chapter 10 of [50]: 


TV 



TV. 


= (TV,-n TV)“. 


(2.69) 
(2 70) 
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The most important property of the dual radical is the one given in (2.70). 

• « 

Relation (2.70) implies that W, n'iV , considered as subspaces of W , are 

• « 

codependent subspaces of W . Moreover, is the largest subspace with this 
interesting property . 

Now assume i E k} is a family of compatible (C,^)-invariant subspaces, 
and let D G Then 

{A^DC) C )i/„ i E k. 

Using (2.9), it follows immediately that 

(a+£)c)(j:.^„w,)cx:.^„w, 

for any i?Ck. Hence the sum of any members of the family i E k} is 
(C,A)-invariant. As a matter of fact, all elements of the enveloping lattice of 
I E k} is (C,A)-invariant“. By the enveloping lattice of a family i E k}, 
we mean the smallest set of subspaces that contains {W^, i E k) and is closed under 
addition and intersection. 

Moreover, from the definition of dual radical it follows that D E i-e , 

the dual radical is (C,A)-invariant. Also, with a little more work we can show that 
D E )• Stated formally 

c n^.^^D{w^nw ). (2.71) 

Unfortunately, t^ (C, A)- invariance of the dual radical of a family does not 
necessarily imply compatibility . However, in the next lemma we show that if W is 


“Recall that the family of (C,.A)-invariant subspaces is closed under intersection 
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(^(Aj-invariaQt, thea the right hand side of (2.71) is non-empty. Therefore, if the 
family i G k} is such that the relation given in (2.71) holds with equality, then 
the {C,A)- invariance of the dual radical of the family is a necessary and sufficient 
condition for compatibility of i € k}. 

Lemma 26; Let »Gk} be (C',A)-invariant. If W is 
(C,>l)-invariant, then the family 

ly , -M/i n , ...,Wknw 

is compatible. 

Proof; Let W:W X. From (2.27) 

W\W-^{V)i n Ker C)] = fl V,- n Ker C. 

Let Dq e D{W), := A+DqC, A^ := (^ W ), and := CW. 

« 

Clearly \V^r\W is (C,A)-invariant; thus 

A^{W,nW n Ker C) cw^nw 
AqW[ n Ker C)\C1^,C\1^ 

WA^ [ (Vy-lTl/J n Ker CW\ CW,nW 
Ai [ {W-^Wi) n Ker CTK] C W~HWi D 

Therefore, W~^W^ is (C^,A J-invariant. From (2 70), we have that the 

- • 
family of subspaces \V~^W^ (f G k) are codependent subspaces of W. 

Hence, by Lemma 24, we know there exists a such that 

(.4i+Z)iC,) (W-'V,) C (W-IW,). (2.72) 


Now we want to show that D = Dq + WD^ is the map we are looking for. 
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Operate both sides of (2.72) by W 

[A^W+WD^CW] QVf,C\iv 

{AQ+WD^C){MlinW)C WiHW 

[A+DC] ()<;,• n ) c )i/,- n TJ' 

Also [A+DC)'W G AqW + \mW='W, and the conclusion follows 
immediately. 0 

As should be clear by now, answering the compatibility question in its most 
general form is quite complicated, but we have given useful results that work for 

important special cases. However, if the family of subspaces that we are 

« 

considering has only two elements, then we can completely resolve the 
compatibility issue. The proof of the following simple result, which is an immediate 
corollary of Lemma 26, is left to the reader. 

Lemma 27; Let ll/j and ll^.> be two (C,.4)-invariant subspaces. 
Then and “Wo are compatible if and only if + Wo is (C',.4)-invariant. 

0 


Now we introduce the concept of an output separable family of subspaces. 

Definition 28: We say a family of subspaces i G k} is C 
output separable if CW^ fl ^ ^ GWj) = 0, ? E k. i e., if the images of W^ 

[i E k) under C are independent. 0 

When it is clear from the conte.xt, we shall refer to a C output separable family as 
simply an output separable family and delete the C 

The following lemma shows the relation between output separability and 
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compatibility. 

Lemma 29; A family of C output separable (C,A)-invariant 
subspaces {Ml^, i G k} is compatible. 

Proof: Let Vj be subspaces such that Vj 0 WjH Ker C. Let 
w\ (i G Ij) be a basis for Wj such that to* (i G Pj) spans Vj. Then Aw'^ = y‘ 
for some y\ G X. Let D be a solution of 

-{y\, • • • • • • .yL • • • = DC[w\, . . . • • • ,w[, . . . 

which exists because output separability implies that 

C[w\, . . . 

is monic. .\lso because V)j are (C',A)-invariant, {A-‘rDC)w\=. Aw\= u\ 
iPj < * ^ ^j) for some ti‘. G Thus {A+DC)w' = u\ for i G ly, j E k, 
tt‘ G 'iVj, and [A^DC] C Wi {i G k). ® 

Now we derive another important property of a family of output separable 
(C,. 4)- invariant subspaces. 


Lemma 30; Let [C,A) be observable. A family of C output 
separable (C, ,4)* invariant subspaces {K^,, < G k} is independent. 


Proof: By hypothesis CW^ fl ~ ^ ^ therefore 

Ti',) = 0. /Gk (2.73) 

.AJso it is shown in Lemma 29 that {H/,-, < G k} is compatible; therefore 
is (C7,A)- invariant. Let us assume that {l^„iGk} is not independent; 
then for some i G k, 


Wi nyVi=T 0. 
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From (2.73) T C Ker C ; therefore 

(Ker C n yVi) n ( n Ker C*) = T (2.74) 

Operating on (2.74) by A on both sides and remembering that 
A()V,-nKerC) C because is (C,A)-invariant (and similarly for iv,), 
then 


Wi nWiDAT. (by (2.10)) 

Note that AT ^ 0 because T C Ker C and [C,A] is observable. If 
ATQ Ker C, repeat the process and for some m < n— 1, CA^ T 7^ 0 
because otherwise the observability is violated. Thus fl D A^ T for 
some m such that CA^ T ^ 0 which contradicts (2.73). 0 



Chapter 3 

Failure Modeling and Problem 
Formulation 

In Chapter 1, we briefly reviewed the problem of failure detection and 
identification in linear time-invariant dynamic systems. In this chapter we 
formulate the problem in its most general form. We also show how to model the 
effect of failure of different components like sensors and actuators. A good 
reference for failure modeling with some actual examples is Chapter 4 of [22]. Also, 
in order to gain a better understanding of the effect of sensor failures on a failure 
detection filter, the concepts of modified (C’,/;A)- invariant subspaces .and modified 
{C,J\A) unobservability subspaces will be introduced. These concepts are 
somewhat related to the dual of the output nulling invariant and controllability 
subspaces of Anderson [1] (see also [35] and Exc. 4.6 & 5.9 of [50]); and they are 
natural extensions of the results presented in Chapter 2. 

3.1 Problem Formulation and Failure Representation 

Assume our nominal linear time invariant (LTI) system can be described by 
the triple [C,A,B) 

i(f) = A x(t) + B u(t), 

V(0 = Cr((). (3.1) 


Here i(l) € X. n(t) G U, and y{t) G 1/- The dimensions of X. U, and y are n, m, and 
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/ respectively. Our observables are the nominal input u{?) to the plant and the 
measurement y(f). 

Now assume that some unknown disturbances affect the behavior of the 
plant. These disturbances can either be sensor failures or disturbances at the 
output, which directly corrupt the measurement y(t), or they can be actuator 
failures and external input disturbances which will show up in y[t) after their 
effects are integrated through the dynamics of the system. The most general form 
of disturbances that can affect the output of the system shown in (3.1) can be 
represented as follows: 

i(l) = A x(i) + B y(l) + 

j,(() = C z(() + (3.2) 

Here m,(t) E M, (d(M,) = /:,) and n^(t) E -V, (d(-V,) = y,) are unknown functions of 
time and can be arbitrary. However, when no failure or disturbance is present, 
m,(<) and n,(t) are all, by definition, equal to zero. We refer to the functions m,(<) 
and n,{t) as failure modes . 

In order to model the effect of the j-th actuator failure, simply set Lj = Bj 
where By is the j-th column of the control effectiveness matrix B. Note that, if the 
actuator does not respond to the input and is dead, then obviously = —Uj{t) 
where Uj{t) is the j-th element of the input vector u[t). If the actuator has a bias 
6, then = b. If the actuator saturates at one of its end points, then 

mj(<) = 6— (t). Clearly, because we do not constrain m^{t) to any special 
function class, a wide variety of actuator failure modes fits this representation. 
From now on we shall refer to the maps L,' . M, — » X as actuator failure 
signatures . Also if the actuator fails in such a complicated way that its output 
does not affect the system through the Bj anymore, (3.2) can still be used to model 
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its effect. Note that here the Z,,- can be matrices, and are not constrained to just 
being vectors. 

We can also model a change in the dynamics of the plant, i.e., a change in the 
A matrix, by choosing Z,- appropriately. {In this case m,(<) will be a linear 
combination of the states of the system x(t).) Thus, as far as failure modeling is 

I 

concerned, a change in the dynamics of the system can be modeled as an actuator 
failure. Therefore, the generic notion of actuator failure will be used to refer to any 
failure event that can be modeled by choosing Z, appropriately . 

Similarly, if we want to model the failure of the j-th sensor, then we simply 
set = eij where is the j-th column of an /X/ identity matrix. Note that if the 
sensor fails dead, i.e., zero output, then = —cjx{t) where cj is the j-th row of 
the measurement matrix, C. As should be clear by now, this representation can be 
used to model a wide variety of sensor failure modes. Moreover, as in the case of 
actuator failures, /,• can be matrices, and they are not constrained to be vectors. 
F rom now on we shall refer to the maps : -V,- — ♦ 1/ as sensor failure signatures . 

Without loss of generality, we assume that the failure signatures are monic. 
Note that because (and similarly n,(t)) is arbitrary, if the map Z,- is not monic 
then obviously there exists a monic map (7, which has the same image as Z, and 
Z,-m,(^) = G^d^{t) for some other arbitrary function d,(t). For our purpose, G, can 
be used to model this failure. 

Clearly, the major attribute that distinguishes our approach to failure 
modeling from the majority of the approaches reported in the literature is that we 
do not assume any a priori mode of component failure, i e., m,(t) and n,(t) in (3.2) 
can be arbitrary. However, it is assumed that the failure can be represented by 
choosing an appropriate Z, or Also once in a while we shall make the 
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assumption that the failure modes are generic in a sense that will be specified when 
the need arises. As is clear from (3.2), our mathematical model is general enough so 
that it may prove useful in other contexts besides failure detection and 
identification theory. 

To simplify the notation, let us define n(t), m{t), L, and J as follows: 


n(0 : 

= [«i'(0. 

• . • , n,'(0r, 

(3.3) 

m(<) 

:= (mi'(f). 

. . . , m^'(t)}'. 

(3.4) 

L := 

(■^1 

hi 

(3.5) 

J ■— 

[Jv • • • . 


(3.6) 


Then (3.2) can be rewritten as follows: 
x{t) = A x{t) + B u(t) -H L m{t), 

y{t) C x{t) + J n{t), (3.7) 

where n{t] ^ U \= 0 • • • © and m{t) EM = © • • • 0 M^.. The 

above model will be used from time to time in our developments instead of (3.2). 

We also point out that any sensor failure can be modeled as a pseudo 
actuator failure through appropriate state augmentation This follows from the 
assumption that n^{t) is an arbitrary function of time. Hence without loss of 
generality it can be assumed that the unknown function n^{t) is the output of some 
linear time-invariant system with impulse response h^(t,T) and some arbitrary 
input s,(f). The only restriction on is that it should be right invertible so that 
for any n^{t) there exists a s,(/) such that 

fo ^ 


i 
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For the case where n,(<) are simply scalars, without loss of generality we can 
assume 


n,(0 = a,- n,(0 -h 5,(/) 


for some scalar a,- and some unknown function If the dynamics of the systems 
generating the sensor failure modes are added to the dynamics of the system, the 
sensor failures can be represented as actuator failures. To see this assume that 
s,(f) = n,(f) which is a simple choice of a right invertible system (an integrator), 
and rewrite (3.7) as follows: 


"x[t) 


'a o' 


x{t] 


' b' 


' L o' 


m{t) 


= 




+ 


n(0 + 




>(f). 


0 0 _ 


. ^(0 . 


0 


_0 / _ 


s{t) _ 


y{t) = I c- 


j 


x(t) . 
n(f) _ 


(3.8) 

(3.9) 


Clearly in this formulation no sensor failure signature is present. Hence, in all of 
our developments in Chapter 4, we shall use the model 


x(() = A x(t) + B u[t) -f- f^,m,(0, 

y(0 = Cx(0, (3.10) 


and assume that the maps A, Z/,-, and C have already been appropriately modified 
so that the sensor failures are properly represented as pseudo actuator failures. In 
Section 3.2 we shall illustrate some of the difficulties associated with handling the 
sensor failures directly, and state why it is useful to model sensor failures as 
actuator failures by state augmentation. One caveat to be aware lif is that the 
augmented model may not be observable even if (C,A) was observable. However, 
by properly choosing the augmented dynamics so that they do not coincide with 
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the spectrum of A, it is always possible to get an observable augmented model if 
((7, A) is observable. 

Now that we know how the effect of different component failures can be 
modeled, the most general form of the problem that we are trying to solve is 
defined. Considering the system in (3.10), we define the failure detection and 
identification filter problem (FDEFP) as the problem of designing a dynamic 
residual generator, 17^, that takes our observables, u{t) and y{t), as inputs and 
generates a set of residuals r,(/) {i G p) with the following properties: 

1 . When no failure is present, the residuals r,(/) (i G p) are identically 
equal to zero. Hence, the net transmission from the input of the 
system u{t) to the residuals r,(/) (j G p) should be zero. 

2 . When the j-th component fails (i.e., mj{t) 7 ^ 0 ), the residuals r,(/) for 
j'G-Cy should be nonzero, and the other residuals r^{t), a G p— all 
should be identically equal to zero. Here the family of coding sets 

^ P ^ k) ^re such that we can uniquely identify the failed 
component by knowing whether the r,(t) are zero or not. 

We say more about the coding sets /?, later in this section and also in Section 4.5. 
A block diagram of an FDIF is given in Figure 3-1. Note that in the general 
problem, there is no constraint on the number p of the residuals. 

If we can generate a set of residuals with the above properties, then the 
identification task is trivial. One only needs to compare the magnitudes of the 
residuals against some appropriate thresholds to decide which ones correspond to 
responses to actual failures, and then by referring to the table of the coding sets 
one can identify the failure, if a failure is present. 

One important design consideration is how to choose the coding sets The 
simplest choice is just to let = {i} {i G k), or equivalently, to let only one of the 
residuals be nonzero for any one failure. In addition, this coding scheme enables us 
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Figure 3-1: Block Diagram of an FDIF 

to detect and correctly identify simultaneous failures. This is because 
/?,• 7 ^ ^ In Sections 4.4 and 4.5, we shall go over more 

complicated coding schemes. The reader should note that with some coding 
schemes it is not possible to detect and identify the presence of simultaneous 
failures. As a matter of fact, for some coding sets, simultaneous failures can lead to 
identification of the wrong component as failed. However, no matter what coding 
sets are used, there are families of components for which a failure of! a component 
within the family can not be uniquely identified. This fundamental limitation will 
be discussed in Section 4.5. 

Now, consider the most general form of a realizable LTI processor that takes 
y{t) and u{t) as inputs and generates a set of residuals r,(f) (i E p) as outputs. 


w{t) = F w{t) — E y{t) + G u{t), 

r,(() = Mj m(i) - H; y{t) + ft', a((), i € p, 

r(0 = (ri'(0, . . . , 


(3.11) 

(3.12) 

(3.13) 
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Here r,(i) G and r[t) G ^ := 0 • • • 0 Rp- Also the minus signs in E 

and i/,- are just chosen for convenience in what follows. 

Now we can restate FDIFP as the problem of finding F, E, G, A/,-, K^, and 
in (3.11), (3.12), and (3.13) such that the transfer matrix that relates m,(i) to r,(<) 
has certain nice properties that enable us to compare the residuals r^[t) with zero 
and decide whether m^{t) are zero or not. 

In order to make the problem more tractable and be able to derive the 
solvability conditions, we need to make a few more assumptions. In Chapter 4, 
based on different practical considerations, we formulate and solve several 
restricted versions of FDIFP. Several of the practical issues that we consider are 
ease of implementation, order of the processor (i.e., dimension of the F matrix), 

i 

sensitivity to the variation of system parameters, and availabilify of reliable 
numerical design algorithms. 

By ease of implementation, we mean the special structure of the F matrix 
which simplifies the actual computation, e.g., a processor which is a collection of 
several decoupled subprocessors is superior to a lower order processor which does 
not have this decoupled property. 

Also the sensitivity of the residual generator is quite important because the 
hypothesised model of the system (i.e., the model given in (3.10)) is usually not well 
known. Considering this, a robust residual generator should not rely heavily on the 
model of the dynamics of the system. However, in this work it is deemed more 
appropriate to address other fundamental problems, and hence the main 
concentration is not on the sensitivity issue. 

With respect to numerically reliable design algorithms we point out that 
unfortunately the design procedures used in the geometric control theory, though 
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constructive, usually cannot readily be translated into numerically reliable 
algorithms. However, in Section 4.2 we shall outline the steps one should take for 
reliably implementing the solution to a restricted version of FDIFP. 

Before proceeding with the soluion of various FDI problems, we illustrate 
some of the difficulties associated with the case of sensor failures. 

3.2 Sensor Failures 

1 

« 

In Chapter 1, we illustrated the effect of actuator failures on the behavior of 
an observer. Then those properties were used in formulating a failure detection 
and identification problem in which the failure of two distinct actuators could be 
identified. In this section, we consider a similar problem involving sensor failures 
which are inherently difficult to handle. The difficulty arises from the fact that in 
this case some columns of the observer gain matrix are the failure signatures; 
hence, the problem requires special treatment. 

Consider the system 
x{t) = A x(t) -I- B u{t), 

y[t] = C x(t) + nj(t) + Jo noit), (3.14) 

with n,(<) E being arbitrary unknowns. In the terminology of Section 3.1, 
- y are the sensor failure signatures. When no failure is present, 
n,{t) = 0. Consider designing a full order observer for the system given in (3.14), 
with the following form; 


w{t) = {A+DC) w{t) — D y{t) -1- B u{t), 
r(() = H(Ci»(() -!/(())■ 


(3.15) 
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Here the residual vector, r(t), is a linear transformation of the innovation 
Cw(i) — y(f). Let us define the error e(i) := w(t) — x{t). Using (3.14) and (3.15), 
the equation for the error vector e{t) is simply: 

i 

e{t) = {A+DC) e{t) - DJ^ n^(f) — DJ 2 no(0) 

r(0 = HC e{t) - HJ^ n^{t) - HJ^ n2(0- (3.16) 

Now we ask under what conditions an arbitrary no(i) will have no affect on the 
residual r(<), while any nonzero n^{t) shows up in r{t). From (3.16), it is obvious 
that for 712(0 not to affect r(0, we should have HJ 2 = 0, and Im DJ 2 should be in 
the unobservable subspace of (HC,A+DC). This is equivalent to the statement 
that the transfer matrix from 712 ( 5 ) to t^s) should be zero. Of course, the 
complication arises from the fact that the map D is unknown, but it should satisfy 
the constraint ImDJoC S = <Ker HC\A+DC>^ With this motivation, the 
following concept is introduced. 

Definition 1: A subspace, S, is a modified [C,J,A] unobservability 
subspace (m.u.o.s.) if there exist a, D : y —>■ X and an H : y — *■ y such 
that 


1. S = <Ker HC\A+DC> 

2. Im DJ C 5 

3. HJ=0. ® 

It will shortly be shown how these m.uos. can be computed. Also their other 


■^For the moment we do not concern ourselves with the condition under which a nonzero n^lt) 
will show up in r(<) 
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1 


interesting properties will be discussed as well. 

As the reader may expect, it should be possible to extend the concept of a 
(C,A)-invariant subspace (which was introduced in connection with actuator 
failures) to the case of sensor failures. The following definition is an extension of 
the result given in Proposition 5 of Section 2.2. 

Definition 2: Consider the system 

x{t) = Ax{t), 

y{t) C x{t) + J (3.17) 

with n(t) unknown. We say a subspace is a modified (C, J;A)- invariant 
subspace (m.c.a.i.s.) if there exist matrices E and F such that 
iy(0) = Pi(0) yields w{t) = Px{t) for < > 0 where 

w{t) = F w(t) + E y{t), (3.18) 

and P: X —*■ X/W\s the canonical projection of W. 0 

The philosophy behind this definition is to give special attention to those outputs 
w{t) = Px{t) that, with Ker P= W, may be reconstructed exactly from y(t) even in 
the presence of an arbitrary unknown n(l). 

For n(<) not to affect the dynamics of w(() in (3.18), we should have EJ = 0. 
This leads us to the following result. 

Proposition 3: A subspace is a modified (C,/;A)-invanant 

subspace if and only if there exists a map D . y —* X such that 

1. [A+DC) WC Ml 


2. Im DJ C W. 


0 
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It is possible to define a m.c.a.i.s. as in Proposition 3, and then derive the result 
given in Definition 2 from it. However, it seems that Definition 2 is more 
illuminating. Using the result of Proposition 3 and Definition 2, it follows 
immediately that any m.u.o.s. is a m.c.a.i.s. Also, a simple computation shows that 
the matrices E and F mentioned in Definition 2 are the same as the ones given in 
(2.46). Note that ImDJQ W implies PDJ—0, and the condition EJ—0 is 
satisfied. ' 

It is also possible to give an interpretation of a m u o.s. in terms of the 
existence of an observer as is done in Definition 2. The only discrepancy arises 
from the fact that for a m.u.o.s. the spectrum of F should be assignable to an 
arbitrary symmetric set; hence, the assumption that the observer is perfectly 
initialized can be omitted. 

Now it is shown how these m.c.a.i.s. and m.u.o s can be computed. Consider 
rewriting the system given in (3.17) such that n(t) is the input to the system and 
y{t) is the the output of the system. This simply corresponds to rewriting (3.17) as 
follows: 

x%t) = -f- L^h (t), 

y{t) = C^xV), (3.19) 

where x^{t) = x{t) 0 n(<) ^ X M. It is helpful to visualize the maps in 

(3.19) in terms of their matrix representations: 


.4 0 0 

A«= ,L^= ,C^=[C, J\ 

0 0 I 


(3.20) 


Let x E X, and define the embedding map Q . X -* X^ as follows- 
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(3.21) 


Let V C then 

e r&IJ) 6 V). (3.22) 

Less precisely, we can write as Vfi T. 

Now we shall prove the interesting fact that the intersection with X of the 
ordinary invariant subspaces of which contain Im = 0 0 A/ are 

m.c.a.i.s. 


Proposition 4: Let W be (C®,A®)-invariant and 0 0 .A/ C Then 
is a m.c.a.i.s. Conversely, if 5 is a m.c.a.i.s., then S 0 >/ is a 
((7^A®)-invariant subspace. 

Proof: Let S ;= Q~^y^\ obviously = 5 0 >/. Because )(/ is a 
(C®,A®)-invariant subspace, there exists a map . y —* such that 

[A^+D^C^)1V C m (3.23) 

Let us partition as = \D 0^]' where the row dimensions of D and 
A are equal. Let s G 5; then 

(A^+D^C^) (s 0 0) = {A+DC) 3 0 D^Ca 

e W=S e >/• (by (3.23)) 

Thus, {A+DC) S Q S. Let n G -V; then 

{A^+D^C^) (0 0 n) = DJn 0 D^Jn 

eW=S @ M. (by (3.23)) 


Hence, DJn G S for* arbitrary n G M or equivalently Z)JC S; and using 
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Proposition 3, it follows that 5 is a m.c.a.i.s. 

Conversely, because S is a m.c.a.i.s., there exists o. D : y — >■ X such 
that {A+DC) S Q S and Im DJ C S. Let : y — »■ JT® be any extension 
of D, i.e., Z)® =[£>', with arbitrary, and define "W 5 0 >/. 
Then a simple computation shows that 

[A^+D^C^] Ml C 

thus, yj is (C®,A^)-invariant. 0 

From the proof of Proposition 4, it is clear that the zero matrix in the lower right 
corner of A® defined in (3.20) can be replaced with any matrix of appropriate 
dimensions. Also the identity matrix in L® can be replaced with any nonsingular 
matrix. Note that it follows from Proposition 4 that the computation of the 
modified subspaces introduced in this section amounts to extending the state space 
and is really equivalent to the heuristic argument we used in Section 3.1 for 
modeling the sensor failures as pseudo actuator failures with appropriate state 
augmentation. 

We can derive a similar result for a m.u.o.s. Here we shall only state the final 
result; the proof is similar to the one given before. 

Proposition 5: Let S be a (C®, A^) unobservability subspace and 

0 0 >/ C 5. Then Q~^S is a m.u.o.s. Conversely, if is a m.u o s., then 
0 is a {C^,A^) unobservability subspace. 0 

Propositions 4 and 5 are quite useful in computing the m c.a.i.s. and m.u.o s. 
Also these results and the results of Chapter 2 can be used to derive some of the 
useful properties of these modified subspaces 

For example, let us show that the families of m.c a.i s. and m.u.o.s. are closed 
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under intersection. Let 'H'l and "Wo (C®,A®)-invariant subspaces containing 

Im jC®, and let us denote their intersection by Using Lemma 7 of Section 2.2, 
is (C^A®)- invariant. .Also we know 

W-‘’t',)n(«-'w,) = Q-iW3. 

From Proposition 4, are m.c.a.i.s.; hence, the family of m.c.a.i.s. is closed 

under intersection, and it should contain an infimal element. A similar argument 
shows that the family of m.u.o.s. is closed under intersection and it too contains an 
infimal element. Also all of the results in Chapter 2, which deal with pole 
placement techniques, can be used equally as well with m.u.o.s. and m.c.a.i.s. 

Now a simple example is worked out to illustrate some of the concepts we 
developed in this section. Consider a second order system with two sensors 
represented as in (3.2) with 



' 1 o' 


' 1 o' 


' 1 ' 


’ 1 ' 


' 0 ' 

A = 


,C = 


,B = 


. A = 


, J-2 = 



0 2 


_0 1 


1 


0 


1 


Referring to our intuition, we can design two different observers each using only 
one of the sensors to generate two separate innovations. Then a threshold on the 
magnitude of these innovations can be used to identify each sensor failure. Let us 
instead use the concepts of this section to design a residual generator. 

Let IVi denote the smallest modified (C,/. 2 ;A)-invariant subspace. From 
Proposition 4, Wi = Q~^W where W is the smallest (C®,A®)-invariant subspace 
containing Im L® with L® = [0, 0, 1]' and C® = [C, /o]. A simple computation shows 
that = Im L®; hence, = Q~^W = 0. .Also D® = ] (» E 3, ; E 2) belongs to 

D{W) if d — doo — 0. Let D be the upper 2X2 partition of Z)®. A simple 
computation shows Z>/o = 0 and [A+DC] C Using Proposition 3, it follows 
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immediately that = 0 is a modified (C,/ 2 ;^)‘iDvariant subspace; and obviously 
it is infimal. 

Similarly, let denote the smallest unobservability subspace. From 

Proposition 5, 5^ = Q~^S where S is the smallest [C^,A^] unobservability subspace 
containing Im with = [0, 0, Ij' and C® = [C, J^. A simple computation shows 
that 


S = Im 


0 0 
1 0 ; 
0 1 


hence, = Q~^S = Im [0, 1] Note that 5i is simply the unobservable subspace 
of the first sensor . Also £)®=[d,y] (i G 3, ; G 2) belongs to D{S) if 
Moreover, from ‘the definition of an unobservability subspace, there exists an 
such that S = <Ker A simple computation shows that 

Hi — [1, 0]. Let D be the upper 2X2 partition of D^. A simple computation shows 
DJ 2 = [0, ^ 22 ] ^ ^\-^2 ~ ~ <Ker HiC\A-{-DC'> . Using Definition 1, it 

follows immediately that is a [C,J 2 \A) unobservability subspace. This subspace 
is also infimal. Moreover by choosing dn properly, we can arbitrarily assign the 
spectrum of (t{A+DC : JT/SJ. 

Now we can use Sj to design a residual generator such that its output, rj(i), 
is not affected by the failure of the second sensor. Note that HiJi = 1, hence the 
failure of the first sensor will show up in r^(<). Let y{t) = [yi{t), yoit)]'- Carrying 
out the computations it follows that the residual generator has the form 

yi (0 + «(0 

ri{t) = - yi{t), 


1 
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where can be used to arbitrarily assign the spectrum of the observer. Note that 
this residual generator is simply an observer for that part of the state space which 
is observable from the first sensor . Clearly, the residual r^(f) is not affected by the 
failure of the second sensor; hence, a nonzero r^{t) implies that the first sensor has 
failed. 

A similar procedure can be used to design a second residual which is affected 
by the failure of the second sensor but not by the failure of the first sensor. Note 
that the residuals r 2 (f) and r 2 (f) are all we need to completely detect and identify 
the failure in each or both of the sensors. This approach to the failure detection 
and identification problem will be discussed in detail in Chapter 4; here we only 
used this example to illustrate some of the concepts we introduced in this chapter. 

It is interesting that the solution to this example is the same as the intuitive 
solution we proposed. Each individual observer simply uses one of the two sensors 
to generate the residual vector. Thus the failure of any sensor only corrupts the 
residual of the filter that is using the failed sensor. Moreover, because each sensor 
can only observe part of the state space, the unobservable subspace of each sensor 
can be factored out so that the order of each individual observer is reduced . 

In fact, the above concept can be generalized to any LTI system. To show 
this, consider a system with / sensors and assume that the actuators are perfectly 
reliable . Now consider the problem of designing / residuals such that the failure of 
the i-th sensor only affects the i-th residual. Note that in here we are assuming 
that the failure signatures J^ are simply the column vectors of an Ixl identity 
matrix. A simple computation shows that the infimal modified (CJ,\A) 
unobservability subspace, where /,• is the /X/ identity matrix with the i-th column 
deleted, is simply the unobservable subspace of the i-th sensor . Clearly we can use 
these infimal subspaces to design I separate residual generators each only 
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sensitive to the failure of the i-th sensor. This amounts to designing an observer 
for that part of the state space which is observable from the i-th sensor and then 
using the innovation of these filters as our residuals. Contrary to the difficult 
statement of the failure detection and identification problem for sensor failures, the 
solution of the problem is quite simple and intuitive. However, the reader should 
be aware of the assumptions that these results are based on: namely, the failure 
signatures /,• should be the columns of the identity matrix, and the actuators are 
assumed to be perfectly reliable. Note that the problem we addressed here is a 
special case of the extension of the fundamental problem of residual generation 
which we shall solve in Section 4.1.1. 

The approach outlined above for detecting and identifying sensor failures is in 
fact identical to the one proposed by Clark [7]. Note that the sum of the orders of 
these / observers can be prohibitively large. However, by hypothesising that only 
one sensor failure is present at a time, the number of the observers can be 
substantially reduced (see [7]). 

The reader should note that the Clark’s approach applies only to the case of 
sensor failures that can be modeled by choosing the matrices J^ as columns of the 
identity matrix, but the concepts outlined in this section are much more general, 
and they can be used to treat both sensor and actuator failures simultaneously. 
Nevertheless, for specific cases, our general approach can be specialized to the one 
proposed in [7]. 

i 
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Chapter 4 

Failure Detection and Identification 

Problems 

In Chapter 3, the function of a failure detection and identification filter was 
explained in detail. Also it was shown how the effect of different component 
failures can be modeled. Hence, the reader should have a clear understanding of 
the problem that we are trying to solve. In this chapter, we shall formulate and 
solve various FDI problems, each emphasising different practical considerations. 

Ail of the major contributions of this thesis are included in this chapter. We 
start with simple detection filters and gradually extend them to the most general 
cases. Numerical examples are used throughout this chapter to familiarize the 
reader with the actual design procedure. In all of the developments, without loss of 
generality (see Section 3.1), it is assumed that the system can be described by the 
model given in (3.10). 

l 

■ 

4.1 The Fundamental Problem in Residual Generation 

In this section, a restricted version of FDEFP is introduced and solved. First, 
we assume that only two failure events are present, and it is desired to design a 
residual generator which is sensitive to the failure of the first actuator but is 
insensitive to the failure of the second actuator. This restricted version of FDEFP 
will be called the fundamental problem in residual generation (FPRG). Later on, 
FPRG will be extended to more general cases. 
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Consider the model given in (3.10) with k = 2, 
x{t) = A x(0 + B u{t) + Lj + Lo molt), 

y{t) = Cx{t). (4.1) 

The dimensions of the maps shown in (4.1) are the same as the ones given in (3.1) 
and (3.2). The term Lj mj(^) represents the faulty behavior of the actuator that we 
are trying to monitor, i.e., a nonzero m^{t) should show up in the output of the 
residual generator r{t). Similarly, L 2 Jzj 2(0 represents the faulty behavior of the 
other actuator which should not affect r{t). As usual, our observables are the 
measurement y(t) £ y and the known actuation signal u{t) £ U. 

As in Chapter 3, consider a residual generator of the form 
w{t) = F w(t) - E y[t) + G u(t), 

r{t) = M w{t) - H y{t) + K u{t). ^ (4.2) 

I 

Note that this is the most general form of a realizable LTI processor which takes 
the observables y{t) and u(f) as inputs and generates a residual r{t). 

Let us rewrite (4.1) and (4.2) as follows; 


r(t) — 

( -HC M ] 

x(t) 

+ 1 A' 0 ] 

«(0 



. . 




Define the extended spaces = X W and = U @ Aio. Let (x, w) £ X® 
and («, m 2 ) £ Zi®. Equation (4 3) can be rewritten as follows- 


i(0 


A 0 ■ 


x(t) 


B Lo 


u(t) 




= 




+ 




+ 


w(t) 


-EC F 


w{t) 


G 0 _ 


_mo(0 


0 


ie{t) = A^x%t] + 5® ti®(/) + 
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r{t) = + K^u^[t). (4.4) 

The maps A^, L^, and in (4.4) have obvious correspondence with the 

matrices shown in equation (4.3). 

Consider the systems given in (4.3) and (4.4). Temporarily, we define FPRG 
as the problem of finding F, E, G, M, H, and K such that the following transfer 
matrix relationships hold; 


u® = (u, m 2 ) r = 0, 

(4.5) 

mj t-+ r left-invertible. 

(4.6) 


I 

4 

The relation (4.5) indicates that ^2(0 and u{t) should not affect the output of the 
residual generator, r(t). Also, (4.6) states that if r{t) = 0, then mj(<) must be zero, 
i.e., if the first actuator fails, then its effect should show up in the residual vector 
r{t), or equivalently the mapping from mj(<) to r{t) should be one to one. A brief 
review of the concept of left invertibility is given in Definition 8 of Section 2.2. 

When the condition in (4.5) is satisfied and the first actuator is functioning 
properly, all signals r{t) obtainable by varying the initial conditions i(0) and w(0) 
are exactly those outputs obtainable by varying the initial condition e(0) of 
e = Fq e, r = Mq e, for some observable pair {Mq,Fq). We call the spectrum of Fq 
the dynamic of the residual generator . Naturally, in FPRG in addition to the 
conditions in (4.5) and (4 6), the dynamic of the residual generator should be stable. 
Because when no failure is present, the residual caused by the initial condition 
mismatch should die away. 

For practical reasons, the requirement of left invertibility given in (4.6) can be 
relaxed and replaced by the condition of input observability (see Definition 10 of 
Section 2.2). We note that even if the system relating mj(^) to r(/) is not left 
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invertible but is input observable, it will be extremely unlikely that an arbitrary 
nonzero m^{t) will hide itself in the null space of the mapping from m^it) to r{t) so 
that the failure can not be detected. (See Section 2.2 for an example of an input 
observable but not left invertible system.) Hence, if we replace (4.6) with the 
condition of input observability, then almost all failure modes will show up in the 
residual r{<). Also in identifying the failure, only the magnitude of r||/) and not its 
functional behavior is used. Therefore, the ideal requirement of left invertibility is 
really an overkill for the failure detection and identification purposes. 

It may be argued that we can even relax the condition of input observability 
and require only that the transfer from m|(s) to r(s) should be nonzero. However, 
then it is not necessarily possible to reconstruct m^(t) from r(t), but the input 
observability implies that if the failure mode m^lt) has some rather mild properties, 
then it is still possible to reconstruct m^(/) from r(t). 

In addition, if we are dealing with a single-input multi-output system, i e., the 
transfer function is simply a column vector, then input observability automatically 
implies left invertibility (see Lemma 11 of Section 2 2). In the context of the FDI 
problem, the transfer matrix 1\s) relating m^(s) to r(s) is usually a column vector 
(or an scalar), since the failure signature is usually a column vector. Therefore, 
in the FDI problem typically the input observability of T(s) is equivalent to its left 
invertibility. 

Based on these arguments, we restate FPRG as follows. Consider the system 
given in (4.3) and (4.4). FPRG is the problem of finding F, E, G, A/, H, and K such 
that: 


= (u, m 2 ) r = 0, 
mj r input observable. 


(4.7) 

(4.8) 
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and the dynamic of the residual generator is stable. 

We need a few preliminary results for deriving the solvability condition of 
FPRG. Let X® be as defined previously in this section, and define the embedding 
map Q : X —* T® as in (3.21) (see also (3.22)). It is relatively simple to relate the 
unobservability subspaces of the two systems in (4.4) and (4.1). The following 
fundamental result is crucial to the solvability condition of FPRG. 

Proposition 1: Let S® be the unobservable subspace of (/f®,A®); 

then Q~^S® is a {C,A) unobservability subspace [46, 41, 40]. 0 

Less precisely, Q~^5® can be written as 5®n T. With this result at our disposal, 
the solvability condition of FPRG is immediate. 

Theorem 2: FPRG has a solution if and only if 


S* n Z-i = 0, 


(4.9) 


where S* = inf ^(jLo)- Also if (4.9) holds, then the dynamic of the 
residual generator can be assigned to an arbitrary symmetric set A. 

Proof: (only if) Consider the systems given in (4.4) and (4.3). For 
(4.7) to hold, we should have /C® = 0, and 

<A®|B®> C S® ;= <Ker//®|A®> (4.10) 

Equation (4.10) implies S® C S®; hence, 

Q-ia®c s := g-is®. 

By Proposition 1, S is a (C,A) u.o.s .Also Q~^B^ D Lo- Therefore, 


S E S{U). 


(4.11) 



I 
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For (4.8) to hold, we should have L® monic and £.®D5® = 0; thus we 
should have Lj monic and 

Q-'^[L^r\S^) = Q-^ur\Q-'^s^ 

= L^ns = o. (4.12) 

Obviously (4.11) and (4.12) hold only if (4.9) is true. 

(if) Using Theorem 16 of Section 2.3, let Dq £ ^iS*), 

P: r — » X/S* be the canonical projection, and := {A+DqC : X/S*). 

Let // be a solution of Ker HC = S* + Ker C and iM be the unique 
solution of MP=HC. By construction, the pair {M,A^) is observable, 
hence there exists a such that cr{F} = A where F := A^+D^M and A 
is an arbitrary symmetric set. Let D — Dq+P~^DiH, E — PD, G = PB, 
and K = 0. Define e{t) •= w{t) — Px{t). Then 

e = w — Px = Fw — Ey + Gu — PAx — PBu — PLim^ — PL 2 TTI 2 
— fyj _ PDCx — PAx — 

— Fe — PL^mY 

(Note that PLo = 0, since £..3 C S* ) Also 


r = Mw — Hy = Afw — HCx = Mw — MPx = Me. 


Thus, the system relating m^(<) to r{t) is [M,F,—PLi). (Hence the transfer 
matrix -T(s) relating m2(s) to r(s) is-iV/(s/— F)~^PLj.) Obviously, the 
requirement in (4.7) is satisfied Moreover, S*nLi = 0 and monic 
imply that PL^ is monic. .Also, {M,F) is observable; hence from the 
definition of input observability it follows that the system relating mj(f) 
to r(t) is input observable and (4 8) is satisfied. 0 

Note that the major step in the design of the filter is to place the image of the 
second failure signature in the unobservable subspace of the residual, r{t), and then 
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use the procedure given in Section 2.1 to factor out the unobservable subspace so 
that the order of the filter is reduced. Also, the necessary condition simply states 
that the image of the first failure signature should not intersect the unobservable 
subspace of the residual generator, so that a failure of the first actuator shows up 
in the residual r[t). 

Moreover, the failure signature Lj is only used to check the solvability 
condition, and the actual construction of the filter is independent of Hence the 
filter given in Theorem 2 can be used to identify any actuator failure with 
signature L3, if 5* D £.3 = 0. Also the failure of any other actuator with signature 
L4 such that I4 C S* will not show up in r{t). 

We can state an interesting interpretation of the solution to FPRG. 
Referring to Theorem 2, the dynamic of the residual generator can be rewritten as 
follows: 

w{t) = AQ w(t) - PD^yit) + G u(0 + D^r{t), 

lit) = M w{t) - H y(t). (4.13) 

Note that by choosing Dq and H appropriately, we change the observability 
property of (HC,A+DqC) in such a way that the second actuator failure becomes 
unobservable from the residual. Next, by injecting the residual r{t) back to the 
filter, we modify the spectrum of the residual generator as we wish. Clearly, the 
residual generator given in (4.13), can be thought of as an observer for the 
hypothetical system 


2(0 = Aq Z{t) -h 

Vhi^) = "( 0 . 


(4.14) 



-82- 


where Uf^{t) := P[Bu{t)—DQy{t)) is the hypothetical input, and yf^(t) := H y(t) is 
the hypothetical measurement. This interpretation of the residual generator can be 
used effectively in computing an appropriate gain that minimizes the effect of 
measurement and process noise on the residual r(f). 

To illustrate this point, consider the original system model given in (4.1) and 
assume that an additive white noise with covariance .£J[u^(t)uj'(r)| = r) 

is entering the system as an input. Also assume that the measurement y{t) is 
corrupted by an additive white noise Uo(/) with covariance ~ ^2 

and uncorrelated with the input noise Now if we incorporate the effect of 

and Vo on the hypothetical system of (4.14), we get 

= Aq z(/) -t- U;^(t) + ^3(0, 

y/i(0 = (4.15) 


where v^{t) := /1(i;i(0— ^ 4 (^) Hvn[t). Note that and 114 are now 
correlated. A simple computation shows that the intensity /?34 of the noise driving 
the system in (4.15) is 


^34 — ^ 


^^3(0 

^4'(0I 

■ PR^P'+PDqRoDq'P' 

-PDqRoH'' 

. ^4(0 . 


-HR..^D^P' 

HRnH' 

it J 


4.16) 


With the objective of whitening the residual r{t), simply design a steady state 
Kalman filter for the system given in (4.15) with the noise statistics as in (4.16). 
Then use this steady state Kalman gain for the matrbc of (4.13) 

Note that in order to compute the gain matrix as the solution of an 
optimal estimation problem, we need the covariance matrices and Ro which 
most probably are difficult to determine. However, a non stochastic approach is to 
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choose so that the transfer matrix TTa) = ^^I{sI—An—D^M)~^PL] has certain 
nice properties . For example, it is not difficult to see that increasing the 
bandwidth of T\s), which is desirable for fast response, can translate into low 
steady state gain which can lead to difficulty in distinguishing the response due to 
a failure from that due to background noise. Therefore, the gain matrix can be 
used to find a compromise between different conflicting desirable properties. 

Another important observation is that the sensitivity of the solution strongly 
depends on the choice of the matrices Dq and H. Note that these two matrices are 
the only parameters used in fixing the unobservable subspace of {HC,A+DqC). 
Therefore, an important practical consideration is to choose Dq and H such that 
the unobservable subspace of [HC,A-\-DqC) is made relatively insensitive to changes 
in the system matrices A and C. 

It is clear that the order of the residual generator given in Theorem 2 is 
n—d(S*), and this order is in general conservative. This is because there may be a 
U.O.S., 5, which satisfies (4.9), and contains S*. Clearly, using this S the order of 
the residual generator can be further reduced. Unfortunately, there is no 
systematic way of constructing such non-infimal unobservability subspaces. 
However, for the case of monic C, the minimal solution is obvious, and this special 
case is discussed in Section 4.1.2. 

Also, it follows immediately from (4.9), that the independence of and Lo is 
a necessary condition for the existence of a solution to FPRG . This is intuitively 
obvious, because if the failure signatures are not independent, then there exist 
failure modes such that L^m^(i) = Lomo(t), and there is no way to distinguish 
between these two failure events by observing the output of the system. 

The reader who is familiar with the disturbance decoupled estimation 



-84- 


problem (DDEP) [46, 4] can readily recognize the relationship between DDEP and 
FPRG. However, these two problems have subtle differences which completely 
distinguish them from each other. In DDEP, the state that is to be estimated is 
given as part of the problem statement. In FPRG, we have to find that part of the 
state space that can be estimated even in the presence of unknown input mo{t). 

Now the issue of generic solvability is discussed. Genericity is a qualitative 
measure that can be used to decide whether it is almost certain that a problem is 
solvable if all the elements of the matrices modeling the problem are chosen 
arbitrarily. If a matrix equation is violated only for very special choices of entries 
of the matrix (more specifically, for choices corresponding to algebraic varieties in 
the parameter space), then the equation is said to be generically satisfied. We refer 
the reader to [50] for a thorough discussion of this subject, and here only list a few 
important results that one should know about genericity. 

Let A, C, and L be arbitrary matrices with dimensions nXn, /Xn, and nXm 
with m <n\ then 

- The generic rank of L is m. 

- Let "W* := inf )t[(L). Then generically 

(L, if m < I 

Ir, if l 

- Let S* := inf S{L). Then generically 

ifm<l 

I r, if m > l 
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Note that the set of points on which the above generic conditions do not hold has a 
Lebesgue measure of zero. However, in some actual problems the generic 
conditions may not hold. 

Now the above facts are used to state the generic solvability of FPRG. 

Proposition 3: Let us assume that A, C, L^, and L 2 are arbitrary 
matrices with the respective dimensions nXn, IXn, nXk^, and nXk 2 - 
Then FPRG generically has a solution if and only if 

^1 + ^2 ^ (4.17) 

Ato < /. (4.18) 

Proof: (only if) As we mentioned previously, the independence of 
and I 2 is ^ necessary condition for the existence of a solution; hence, 
(4.17) follows immediately. .Also, if / < ^ 2 > generically 5* = X, and 
obviously (4.9) can not hold; thus (4.18) is necessary. 

(if) If (4.17) holds then and £.9 s-re generically independent. Also 
if / > k 2 , then S* defined in Theorem 2 is generically equal to Lo. 
Therefore, (4.18) is generically satisfied and FPRG has a solution. 0 

Note that if the S* defined in Theorem 2 is used to design a residual generator, 
then the generic order of the processor is n—k 2 - 

Now we solve a simple example to illustrate the design procedure. Consider 
the system given in (4.1) with 



’o 

3 
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1 
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‘ 0 

1 o' 


1 

2 

3 
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.5 
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0 
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and B~ [L^, L<^. Now assume we want to design a residual that is sensitive to the 

I 
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failure of the first actuator, and is insensitive to the failure of the second actuator. 
First, let us compute S* defined in Theorem 2. Using UOSA, 


S* := 


-3 1 
1 0 . 
0 0 


Clearly H 5* = 0; therefore, FPRG is solvable. Now we want to use the 
procedure given in Theorem 16 of Section 2.3 and Theorem 2 here to find the F 
matrix with arbitrarily assignable spectrum. First we characterize the elements of 
D{S*). Let Dq — ] {i £ 3,j £ 2); then Dq £ D{S*) if and only if 



0 3-1- 


'-3 1 ' 

0 0 1] 

1 2-j-doj 3-f(/2‘> 

. 0 24 -^ 3 ^ 5-f-d32 . 


1 0 
0 0 


This equality implies ^31 — and all other d^J are arbitrary. Let us choose Dq as 
follows: 



0 

0 . 
0 


Define Aq = {A+DqC : X/S*). A simple computation shows that 


Aq = [ 0 0 1 


1 

O 

CO 

1 


1 

o 
1 

1 2 3 


0 

0 0 5 


[IJ 


= 5. 


.AJso we know Ker HC = S* -f- Ker C Substituting for C and S* we have 
H — [0, Ij. Moreover, Cq •= hence Cq = 1. Let us choose Dj such that 

<7(Aq-|-DjC'o) = {—5}. To place the pole at s = —5, we should choose = —10, 
and thus D = Dq-\-P~^D^H is simply 
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D = 


0 0 

0 0 . 

-2 -10 

J 


By Theorem 2, we have M = HCP~'‘ = Cq, E = PD = [—2, —10], and G = PB 
= (.5, 0|; thus the residual generator has the following form: 

w{t) = -5 w{t) - (-2, -10] y(t) + (.5, 0] u{l) 

r{t) = w{t) - [0, 1] y{t). (4.19) 

Note that the residual generator does not use the signal commanded to the second 
actuator. This necessarily follows from the fact that the failure of the second 
actuator should not affect the residual r(f). Note that if the first failure signature 
had been 


II = [1, 0, 0] 

then clearly LiQ S* and FPRG would not have had a solution. We shall continue 
this example in the next subsection, after some preliminary theoretical 
developments. 

I 

4.1.1 Extension of FPRG to Multiple Failure Events 

In this section we extend FPRG to the case of multiple failures. Let us 
assume that k failure events are present, and we want to design a processor which 
generates k residuals, rj(f) (/ G k), such that the failure of the i-th component, i.e., 
nonzero can only affect the i-th residual r,(<) and no other residuals (<) 

(y ^ j). In the notation of Chapter 3, this is equivalent to choosing the coding sets 
to be J7, = {j} (i G k). We call this problem the extended fundamental problem in 
residual generation (EFPRG). 



- 88 - 


Obviously, if EFPRG has a solution, then it is possible to detect and identify 
even simultaneous failures with almost arbitrary modes for each component failure. 
Note that for identifying simultaneous failures, we need at least as many residuals 
as there are failure events. In this sense, the coding set ={i} (i G k) (or any 
permutation of it) is minimal. 

In the preceeding paragraph, we used the phrase almost arbitrary mode of 
failure, because as in FPRG we shall only require that the system relating m,(t) to 
r,(t) be input observable, there by allowing the possibility that some special m,(t) 
can not be detected. For the filter to be capable of detecting simultaneous failures 
with arbitrary modes for each component failure, the requirement of input 
observability of the system relating m^[t) to r,(^) should be replaced by the 
condition of left invertibility. However, this is jiot typically necesslary in failure 
detection and identification, and as was explained in Section 4.1, when Tn^{t) are all 
scalars, the condition of input observability and left invertibility are equivalent. 

Now the solvability conditions of EFPRG are stated. 

Theorem 4: EFPRG has a solution if and only if 
5,*n£, = 0 , iek, (4.20) 


where S* inf 5(^^ ^ ^ Ly), i E k. 

Proof: (only if) The necessity follows immediately from the proof of 
Theorem 2. Just replace the and Theorem 2 with L^ and 

t respectively. 

(if) For sufficiency, the procedure given in Theorem 2 can be used to 
design k different residual generators, each generating the residual 
r,(<). Let Z),- E D{S*) and F^ — {A+D^C X/S*). Obviously, can be 
chosen such that cr(E,) = 4, for arbitrarily given symmetric sets A^ (see 
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Theorem 16 of Section 2.3). Let (?,• = P^B, i/,- be any solution 

of Ker HfC = S* 4- Ker C, A/,- the unique solution of M^P^ = H^C, and 
Kf = 0. A simple computation shows that r,(s) = —T^{s) m,(s) with 
r,(a) = MJ(Sl—F^~^P^Li. Using the same argument as in Theorem 2, the 
system relating m^{t) and r,(<) is input observable; thus the collection of 
the residual generators 17^,- (i G k) is a solution to EFPRG. 0 

A family of failure signatures satisfying the conditions in (4.20) will be called a 
strongly identifiable family . This concept has important system theoretic 
consequences because it is not possible to design an LTI residual generator which 
identifies simultaneous failures within a family of failure events if the family is not 
strongly identifiable . Therefore, the concept of strong identifiability is fundamental 
in the FDI problem. 

Note that the solution given in Theorem 4 is a combination of k separate 
FPRG each generating a different residual r,(t). The block diagram of this residual 
generator is given in Fig. 4-1. Also using (4.20) and the definition of 5,*, it follows 
immediately that for EFPRG to be solvable, the family of failure signatures 
{L,-, i G k} must necessarily be independent. 

The order of the residual generator given in Theorem 4, i.e., the sum of the 
orders of k different residual generators, can be quite large. Nevertheless, in this 
filter, the residuals are generated by k completely decoupled filters, and there is a 
great deal of freedom in choosing the F,- matrices of these individual residual 
generators. This freedom can be used to realize the other desirable properties of 
the residual generator like enhancing the effect of the failure or supressing the 
effect of noise on the residual, as was e.vplained in Section 4 1. .AJso, the freedom in 
choosing the gain matrices can be used in reducing the sensitivity of the solution to 
the variation in the system parameters Now we proceed with stating the generic 
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Figure 4-1; Block Diagram of EFPRG 


solvability conditions of EFPRG. 

Proposition 5; Let us assume that (A,C,L,) are arbitrary matrices 
with dimensions nXn, IXn, and nXk, respectively. Let K := 

Then EFPRG generically has a solution if and only if 


K < n. (4.21) 

K — min {k-, i G k} < 1. (4.22) 

Proof; (only if) Necessarily, L^ (i E k) should be independent. 
Hence (4.21) is immediate. Also if then generically 

S,* = X. Therefore, (4.22) is necessary. 

(if) Inequality (4.21) implies that ? E k} is generically an 
independent family of subspaces. Also, (4.22) implies that I > ^ ^ kj, 

hence, generically S* = independence of i E k} 







I 

* 
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it follows immediately that (4.20) holds, and EFPRG is generically 
solvable. 0 


Note that if the family {5,*, i G k} defined in Theorem 4 is used to design a 
residual generator, then the generic order of the processor is 

To illustrate the design procedure given in Theorem 4, we shall now continue 
the example in Section 4.1. The residual generator we designed previously is the 
same as 27^^ of Theorem 4. Therefore, rename the r{t) given in (4.19) as r^(0, and 
we only need to design the residual generator, £"^21 which is sensitive to the failure 
of the second actuator but is not affected by the failure of the first actuator. Using 
UOSA, we have 


Sr* 


2 — 


1 

..5 

.5 


Also let 



1 2 0 
0 1 1 


be the canonical projection. Now we use the procedure given in Theorem 16 of 
Section 2.3 to find Do such that {A+DoC : XI So*) has arbitrary spectrum. First we 
find a Dq 2 G D(S 2 *). A simple computation shows 



0 -7 
0 0 
0 -6 


is a suitable choice. Let Aqo = (A+DqoC : T/ So’) then 
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[2 3 ■ 

Aq2 = L ^ 2 . • 

By definition of a u.o.s., there exists an Ho such that Ker HoC =So*+Ker C. A 
simple computation shows H 2 = (1, 1] is appropriate. Also 

Cq2 — ~ 

Moreover, (Co 2 ,Aq 2 ) is by construction observable. Therefore, there exists a Dio 
such that the spectrum of F 2 = Aq2+Di 2^02 assigned arbitrarily. Let us 

choose A 2 = {-2,-3}. Then Z)j 2 = (—23, —9]'. Also 

’-23 -30 ‘ 

Z?2 — ^02 "b -^2 ^■^12'^'^ ® ^ 

[-9 -15_ 

From Theorem 4, we know Eo = PoDo, = Cqo, and Go = PoB. Therefore, the 
residual generator which is sensitive to the failure of the second actuator and is not 
sensitive to the failure of the first actuator is simply 

r 2 -20 1 r -23 -30 1 r 0 -1' 

Wo(t)= ^ 2 ( 0 — y(0 + ‘^(^)- (‘^•23) 

[ 1 -7 J ‘ [-9 -15 J [0 1 _ ' 

r.2{0 = ( 0 1 I u;2(0 - ( 1 1 1 y { t ). 

Note that this residual generator does not use the signal commanded to the first 
actuator. 

As we said before, rename the residual r{t) given in (4.19) as r^(i) and write 
both (4.19) and (4.23) m a single equation as follows: 
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w{t) = 


KO 


■-5 0 o' 


'-2 -10' 

0 2 -20 

w{t) - 

-23 -30 

0 1 -7 


-9 -15 

0 

0 


' 0 1 ‘ 

[001 

w{t) - 

1 1 


y{i) + 


J y(0. 


.5 0 

0 -1 
0 1 


«(0. 


(4.24) 


where r(0 := [r^(t), r. 2 (i)]'. 

To gain some insight into the problem, let us compute several different 
transfer matrices associated with this example. First denote the transfer matrix 
relating m(s) = mo(s)]' to y(s) by G^(s). A simple computation shows 




I 

3^— 7a^+3+7 


-.5(s2-10s+6) (s-3)(s-5) 
.5(s2-4s-|-1) 2{s-3) 


Now consider the residual generator given in (4.24) and let us compute the transfer 
matrix, Hy{s), relating y{s] to r(s). It follows immediately that 



P 2 -(3-5) , 

(3+5) (^+ 5 ) 

— (3^-43+!) — (3“— IO3+6) ■ 

, (3 + 2)(3 + 3) (3 + 2)(3+3) 


The next step involves finding the transfer matrm from m(s) to r(s). This transfer 
matrix is simply Hy{s) G'^(s), and carrying out the multiplication 


Hy{a) GJs) = 


-.5 

( 3 + 5 ) 


-(3-3) ... 
0 (3+2)(3+3) 


.As was required, can only affect Tj, and similarly mo can only affect ro. Also it 

can be shown that the transfer function from u(s) to r(s) is zero. Therefore, 
EFPRG is really the problem of designing a stable diagonalizing post compensator . 


We shall expand this view point in the next chapter. 
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It seems that the minimum order residual generator for this particular 
example is not less than third order. Thus the filter we have designed is minimal in 
this sense. Note that in this example, n and k are very close to each other. In 
problems where the number of failure events is much less than the number of the 
states, the order of the residual generator should be reduced using other clever 
design procedures. However, these lower order residual generators will not 
necessarily have the decoupled properties of the solution given in Theorem 4. 
These decoupled filters can be considerably less sensitive to variations of system 
parameters than a filter of lower dimension which is not decoupled. Moreover, the 
block diagonal structure permits the filters to be designed and implemented 
independently of each other, which can result in considerable simplification of both 
tasks. 

Nevertheless, an interesting question is how to reduce the order of the 
processor given in Theorem 4. As the reader may expect, this question can 
heuristically be answered using the concept of the compatibility of a family of 
unobservability subspaces, which was introduced in Section 2.4. In the following 
sections we shall formulate several different problems which usually have solutions 
of a lower order than the solution given in Theorem 4. First we begin with the 
special case where the measurement gradient matrix C is monic. 

4.1.2 The Special Case of C Monic 

As remarked in Section 4.1, we do not know at present what the minimum 
order solution to FPRG is. However, if the C matrix in the model (3.10) is monic, 
then we can easily answer the minimality question. It follows from this assumption 
that any arbitrary subspace of X is an unobservability subspace, since output 
injection can be used to completely erase the structure of the A matrix and replace 
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it with whatever we want it to be; i.e., when the map C is monic, the equation 
A-k-DC — X has a solution for any arbitrary matrix X of compatible dimensions. 

Now, assume that the subspaces 1, are independent. Because C is monic, S* 
defined in Theorem 4 is simply S* = ,• -t-;- Using the independence of 

{£,•, i G k}, it follows immediately that EFPRG has a solution. In other words, if 
C is monic, then any independent family of failure signatures is strongly 
identifiable . Now let us choose a family of subspaces {5,-, i G k) such that the 
elements of this family each satisfy the following conditions: 

-'ek, (4.25) 

Li © Si =X, i& k. (4.26) 

Since C is monic, it follows that the 5,' are unobservability subspaces. Hence these 
subspaces can be used to design a family of residual generators which is a solution 
to EFPRG. Simply find £>,- G ^(5,) which arbitrarily assigns the spectrum of 
where F’,-= [A+Dfi: X/S^). Let P^ : X —>■ X/5,- be the canonical projection and 
define G- — P^B, a solution of H^C = Ker C S,-, and M, the 

solution of M,P,- = i/,C. Clearly, the collection of the residual generators 

Wi{t) = Fi w,(0 - Ei y(t) + G, u(t), 
r,(t) = Mi w,{t) - Hi y{t), t G k, 

is a minimal solution to EFPRG. When the above design procedure is used, the i- 
th residual generator is k-th. dimensional. Hence the collection of these residual 
generators is simply K dimensional. 

However, the special case where C is monic is quite uncommon in actual 
practice, and in other more general cases, the task of reducing the order of the 
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residual generator is difficult. In Section 4.3, we shall use the concept of 
compatibility to reduce the order of the solution to a restricted version of EFPRG. 
This restricted version of EFPRG is very closely related to the Beard and Jones 
detection filter problem which we shall formulate geometrically in the next Section. 

4.2 Beard and Jones Detection Filter Problem 

In this section we reformulate the original failure detection filter problem 
stated and solved by Beard [3] and later extended by Jones [22]. Our approach is 

based on the (C,^)-invariant and unobservability subspaces which leads to a 

numerically simple design algorithm when the failure signatures are column vectors. 

Consider the model given in (3.10) and consider a full-order observer of the 

form: 

iv{t) = {A+DC) w{t) — D y{t) + B u(t), 

r{t) = C w(t) - y(t). (4.27) 

Also assume that the pair (C,A) is observable . Define e(t) := w[t) — x{t), and for 
the time being assume e(0) = 0 . Using (4.27) and (3 10), we have 

i(t) = [A+DQ e{t) - L,m,{t), 

r[t) = Ce{t). (4.28) 

If the i-th actuator fails, then m,(<) 0, e[t) E V, ;= <A+DC\L^> , and 

r(^) G C^)^. Now consider the problem of finding a map D . y ^ X such that the 
family of subspaces i G k} is independent; in this case residual generated by 

each different actuator failure is confined to an independent subspacq. If such a D 
exists, then the failure can be identified by finding the projection of r{t) onto each 


C-^ 
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of the independent subspaces CV, and comparing the magnitude of this projection 
to a threshold. 

The reader should note that in this formulation, the filter is capable of 
detecting simultaneous failures with almost arbitrary mode of failure‘s. We say 
almost because the observability of {C,A) and the monicity of L,- do not imply that 
all nonzero m,(/) will show up in r(i). However, the system (C,A+DC,LJ is 
obviously input observable^ (see Definition 10 of Section 2.2) and in the scalar case, 
i.e., k,- = 1, this is equivalent to the condition of left invertibility (see Lemma 11 of 
Section 2.2). Hence, if m^(i) ^ 0, then r(i) ^ 0. 

We shall refer to this formulation of the failure detection and identification 
problem as the Beard and Jones detection filter problem (BJDFP). This 
formulation is somewhat different from the one given by Beard [3], but both lead to 
the same result when the subspaces CV,- are restricted to be one-dimensional. Also 
for the time being, we do not include a stability requirement in the problem 
formulation. Remember that we assumed e(0) = 0. Obviously any practical filter 
should be stable; otherwise the unknown initial condition results in a nonzero 
residual vector even when no failure is present. Later on, we shall deal with the 
stability issue in detail. 

We should point out that Beard’s and Jones’ formulation of the failure 
detection and identification problem is fundamentally different from what we 
considered in Section 4.1.1, and it is somewhat limited. We shall illustrate this 


^By relaxing the requirement of identifying simultaneous failures, we can greatly enlarge the class 
of solvable problems. 

^Note that the observability of (C..4) implies that (C,yt+PC) is observable. 



-98- 


limitation at the end of this section through an appropriate example. Also in 
Section 4.3.1, we shall exploit the relationship between BJDFP and the dual of the 
control decoupling problem. In spite of its shortcomings, BJDFP is quite 
attractive for practical applications and it leads to a computationally simple design 
procedure when the failure events are one dimensional. This is the most important 
reason for discussing BJDFP. 

4.2.1 Solution of BJDFP 

Assuming the filter has the structure given in (4.27), BJDFP can be stated as 


follows; Given A, L^ (i G k), and C, find an output injection map D : y —* X and a 
family of subspaces i G k} such that 

{A+DC) C -Wi, i G k, (4.29) 

LiCWi, tGk, (4.30) 

cv,n{j2j^.cw) = o, i€k. (4.31) 


Condition (4.31) requires that i G k} be output separable, and (4.29) requires 
that the family of (C,A)-invariant subspaces % £ k} be compatibly. 

In order to take care of the trivial cases, we assume that the family 
i G k} is independent. To justify this assumption, we know from Lemma 30 of 
Section 2.4 that if there exists a family {W^, i G k} such that (4.29) and (4.31) hold, 
then this family is independent. Therefore, if {£,, i G k} is not independent, then 
(4.30) cannot hold, and BJDFP does not have a solution. Now we state the 
solvability condition for BJDFP. 

Theorem 8: Let yil* = inf }V(L,); then BJDFP has a solution if 
and only if 
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= (4.32) 

Proof; (only if) Necessity follows immediately from the infimality of 

Wi*. 

(if) Clearly (4.32) indicates that the family fGk} is output 

separable, and from Lemma 29 of Section 2.4 it follows that this family is 

L 

compatible. Hence C[._^D{'W*) ^ 0, and t E k} is a solution to 

BJDFP. 0 

Obviously, the solution of the problem is straightforward because output 
separability implies compatibility and that is all we need to solve BJDFP if pole 
assignability is not a requirement. 

When the failure signatures are simply column vectors (the scalar case), 
computation of the subspaces Wj* is particularly simple. Using CAISA given in 
Theorem 12 of Section 2.2, it follows immediately that: 

* 

y^i* = 1, © • • ■ © L (4.33) 

where is the smallest integer such that CA^iL^ 7 ^ 0 . (Generically fi - = 0, and 
IV* are generically equal to Im L,-.) Using (4.33), it follows that in a given basis the 
insertion map W - ; W* — *■ T is simply 

W,.= [L,-,AL„ ... 

Let us define 


/.• := and / .= [l^, . . . ,^. 


Using the insertion map of 11/,* we have 


(4.34) 


yj* = Im'/, © n;,* n Ker C. 


(4.35) 
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Now assuming that {W*, i G k} is output separable or equivalently Rank Cl = k, 

k 

we want to find a. From the proof of Lemma 29 of Section 2.4 

and equation (4.35), it is immediate that if is a solution of 

—A [ /j, . . . , /yfc ] = DjC [ /^, . . . , ]. (4.36) 

then G Clearly one solution to (4.36) is 

Di = -Al{Cl)-K (4.37) 

Note that this is a solution of BJDFP when the failure signatures are 
simply column vectors. We shall later on show how the gain matrix can be 
modified so that some part of the spectrum of the detection filter can be assigned 
arbitrarily. 

If the initial error e(0) is not zero, then naturally we should add a stability 
requirement to the problem statement so that the initial observation error dies 
away and the residual stays close to zero when no failure is present. It will be 
shown shortly that output separability is not a sufficient condition for pole 
assignability, and other additional requirements are necessary. To derive these 
conditions, we need a few preliminary results. 

Lemma 7: Let 'W* := in[W(L,), and {TV,*, I'Gk) be output 

separable; then 

W := inf L,) = W,*. (4.381 

Proof: Let TV = > and L := C,. It is always the 

case that TV* D TV ; therefore, we only need to show the reverse inclusion. 

We know TV is (C,,4)-invariant since (TV,*, i G k} is output separable and 
hence compatible. Therefore, 
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(4.39) 

Also 

inf Bit') D inf }^L), (4.40) 

since W D L. Using (4.39) and (4.40), it follows that W* C and the 
conclusion is immediate, 0 

Note that, because the output separability of {){/,•*, I’Gk} implies the output 
separability of i G f?} for any i7Ck, it is immediate that 

V := inf ME( 6 n ^.> = Ei 6 n W- (■»•«) 

Now assuming {IV,-, i 6 k} is a family of (C, A)- invariant subspaces that solves 
BJDFP, we want to find what the spectrum of the resulting observer is, and 
whether it is possible to assign all of the eigenvalues of A+DC arbitrarily. 

Theorem 8: Let ()V,-, » 6 k} be a family of subspaces satisfying 

(4.29), (4.30), and (4.31), Then there e.xists a Dq such that 

<r(A+DoC ; )V,) = A.-, i G k, (4.42) 

where A,- (i G k) are arbitrary symmetric sets with 1A,| = d()V,). .Also for 
all Dq G n*_^^(^,), the spectrum of 

ct{A+DqC-.T*/MI) (4.43) 

is fixed where W := IV- and T* := inf S()V). 

k 

Proof: Let G n^._^;^()V,) which obviously exists because 
{IV,-, I'Gk} is a solution of BJDFP. Let Aj^ •= A+D^C and 
W- : W^ -* X be< the insertion maps. Define., A, :=^ {Aj^ : WJ, and 
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C,- ;= CW,-. Because {C,A) is observable, using Proposition 2 of Section 
2.1 we know are observable; therefore, there exist Z),- such* that 

cr(Ai+DiCi) = yi,-. 


Let Dj. be a solution of 


[ H'lOiCW, W^kCWi, I = Dfi[ Vy, W,, I (4.44) 

which exists because {)!>,•, I'Gk} is output separable and hence 
independent (see Lemma 30 and Proposition 1 of Chapter 2). Let 
Pi '. X -*■ XJV)i be the canonical projection and define Dq := -I- D^. 

Clearly F,DoCTF,- = P^D^C\V^\ thus Dq G Als.: -ve have 

{A^DqC ; n/.) = A,^D,Ci, 

and because the family {ll',, j'Gk} is independent (see Lemma 30 of 
Section 2.4), 

<t(A+£>oC : W) = W*^,.4,. 

Now let T* := inf 5(Hf). For all Dq G Dq € nnd 

using Proposition 20 of Section 2.3, it follows that the spectrum of 
a4-fI)oC' is fixed. 0 

Now we specialize the result of Theorem 8 to the family {W*, i G k} defined 
in Theorem 6. Let D G n^_j^(^,*) and define "W* = Obviously 

D G and from Theorem 8, 

:= (t(A+DC T*/W*) (4 45) 

is fixed where T* := inf 5(H/*). Now using Proposition 20 of Section 2.3 and 
Lemma 7, it follows that aj-^ is the same as the set of invariant zeros, of the 
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system {C,A,\Li,...,Lj^). Therefore, if the family {W*, « G k} is used to design a 
failure detection filter, then the set of fixed eigenvalues is simply cr^. 

However, we can easily reduce the number of fixed eigenvalues without 
compromising the solvability by using a family of u.o.s.’s instead of {"W*, i E k}. 
Remember that »Gk} defined in Theorem 6 is only one of the possible 

solutions and it is not the only solution. Now define 

Ti* ;= inf i £ k. (4.46) 

Following Beard [3], we shall call T,* the detection space of the failure signature L,-. 
This is because as with "W*, through appropriate selection of the gain matrix D in 
(4.27) it is possible to hold the error vector, e(<), caused by a failure of the i-th 
actuator inside T*. Moreover, T* has this additional property that the spectrum 
of A+DC : XjT* is arbitrarily assignable. Also, T* is the smallest subspace with 
these two fundamental properties, and if we are interested in the pole assignability 
of the observer, T* are the subspaces that we should work with. 

As is stated in (2.62), T,* + Ker C = W^* + Ker C; thus CTj* = CW,*. From 
here it follows that output separability of i E k} is equivalent to output 

separability of {7J*, * E k}. Therefore, if {W^*, ? E k) is a solution to BJDFP, then 
{Tj*, i E k} is also a solution and vice-versa. However, we shall show shortly that 
by using the family {T*, / E k} as a solution of BJDFP, the number of fixed 
eigenvalues of the detection filter can be reduced. Also we shall derive the 
fundamental relation that the family of detection spaces {T,*, i E k} should satisfy 
so that the whole spectrum of the filter can be assigned arbitrarily. 

For the following, let us assume that the failure signatures are simply column 
vectors, i.e.. A:,- = 1. Using (4.35), it follows immediately that 
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CWi* = CTi* = Cl(, (4.47) 

hence CT* are one dimensional. Therefore, in the scalar case, the output images of 
the detection spaces are one dimensional . This is the special case considered by 
Beard and Jones. Now we give an algorithm for computing T* in this special case. 
First we construct a D,- G Using (4.36) and (4.37), it follows that: 

D, := -A(, («()-' e D(W,*). 

Also using Theorem 19 of Section 2.3, it follows that T* is simply the unobservable 
subspace of (H,C,A+D,C] for D; as above and H; satisfying 

Ker = Ker C -h 

Using the insertion map of "W* given in (4.34), it follows immediately that 

//,= /- (CT,)(C(,)-‘, (4.48) 

is an appropriate choice. This algorithm for computing the detection space T,’' is 
the same as the one given in [3] Note that as we said in Section 4.2, contrary to 
UOSA, the procedure given in here is a non-recursive algorithm for computing T*. 
However, this algorithm has mostly theoretical value, and later on other 
numerically more reliable algorithms are developed. 

Now a simple preliminary result that will be useful in stating the pole 
assignability condition is proved. 

Lemma 9; Let T* ;= inf S(L,), and {T,*, I'Gk} be output 
k 

separable. Let T = T,*; then 

T* := inf S(T) = mf £,). 


(4.49) 
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Proof; Let L := 2Zf=i ^i* 

I^d ^ From (4.38), € D{W*) where W* := inf ^L) = 

^i*- Using Theorem 19 of Section 2.3, 

inf S{L) = <Ker C -H W^\A^D/^>. (4.50) 

Also inf 5(7) = <Ker C+ T\A+DjC>, since inf W{r) = T and 
€ n^_j^(7^*). But from (2.62) we know Ker C + T= Ker C + 
and using (4.50), (4.49) follows immediately. 0 

Now we state the necessary and sufficient condition that the family of output 
separable detection spaces {7^*, i E k) should satisfy so that, when used as a 
solution of BJDFP, the spectrum of A+DC is arbitrarily assignable. 

Theorem 10: Let {7}*, t'Ek) defined in (4.46) be output 

separable. Then there exists a map D ;]/—*• 7 such that 

<t{A+DC : T*) = A,-, i G k, 

u{A+DC) = wjLo 

for arbitrarily given symmetric sets A,- (j G kp) with |A,1 = d{T*) (j G k), 
and |/lg| = n — d(T*), if and only if 

T* := inf Q == T>. (4.51) 

Proof; (only if) Let 7 .= hypothesis, the T^* are 

compatible; therefore, 7 is (C,A)-invariant. .Also by hypothesis it is given 
that a{A+DC : 7/7) is arbitrarily assignable to a symmetric set; thus, 7 
is a u.o.s. (see Theorem 17 of Section 2.3). Clearly this implies 
7 = inf 5(7), and using Lemma 9, we have 
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(if) Use the procedure given in Theorem 8 to find a Dq such that 

<t{A^-DqC ; T;*) = A„ i G k. (4.52) 

Obviously Dq G and because T* is a u.o.s., there exists an i/ such 

that 


T* = <Ker HC\A+DqC>. 

Now let P \ X — » X/T* be the canonical projection. Using the procedure 
given in Theorem 16 of Section 2 3, we can find a such that 

(t{Aq+D^q) = A^, (4.53) 

where Aq := {A-^DqC : X/T*) and Cq is the unique solution of 
' CqP= HC. Finally, it follows that 

D = Dq -f- P~'"DjH (4.54) 

is a solution of the pole assignment problem. 0 

Following Beard, a family of u.o.s.’s {T,*, I'Gk} satisfying (4.51) will be 
called mutually detectable . Therefore, the issue of mutual detectability arises from 
the fact that although the sum of a compatible family of u.o.s.’s is (C',A)-invariant, 
this sum is not necessarily a u.o.s. 

In the scalar case, we can use the same procedure as we used before for T* to 
compute T* defined in (4.51). Using Theorem 19 of Section 2.3, 

T* = <K&t HC\A-\-D^C> = <KerC+ W*\A-\-Df:> 

for G D{W*) and 11^ defined in (4.38). By construction of (4.37) is in 
n^_j^()V,*). Hence using Lemma 7, it follows that G ^W*). Also the H 
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matrix should satisfy Ker HC — Ker C + W*. Using the result of Lemma 7 and the 
insertion map of Ml*, it follows immediately that 

H ^ I - [Cl)(Cl)-^ 

is an appropriate choice. Naturally, checking the condition in (4.51) amounts to 
comparing the sum of the detection spaces T* with T*. 

Now let us assume that the family {T*, i G k} is used to design a detection 
filter, and assume that the failure signatures are simply column vectors. Then the 
equation used in Theorem 8 for computing can be simplified. To conform with 
the notation of Theorem 8, let us rename the family of detection spaces 
{T*, I G k} as {W^, i G k}. Then using the result of (4.47), and the relation for 
given in Theorem 8,. it follows that in the scalar case D,. is simply 

D, = [W,D,a„ . . . (4.55) 

Also, we showed earlier that the output images of the detection spaces are simply 
C/,- when the failure signatures are column vectors. Hence we can multiply the 
residual r(/) with any left inverse of Cl and use the transformed residual 

detect and identify the failures. Clearly, if the i-th 
component fails, then the i-th element of T^[t) will be nonzero and all other 
elements will be zero. San Martin [39] has done some preliminary study of the 
effect of different left inverses of Cl on the sensitivity of the detection filter. 

Now assume that the family {T^*, i G k} is output separable but not mutually 
detectable, and we want to determine the fixed spectrum of the resulting observer. 
Let D G n*_j^(T,*). Clearly D G D{T) for T = T*. Using Theorem 8, 

it follows that the fixed spectrum of the detection filter is simply 



:= a{A+DC : T*/T) 
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(4.56) 


where T* := inf S(T). Also using Lemma 9, we have T* = inf L^). 

Obviously TD W* where W* is defined in Lemma 7, and hence we have 

^ ^2* (4-57) 

Stated in words, when the family {T*, i E k} is used to design a detection filter, 
then the fixed spectrum of the filter is a subset of the invariant zeros of the system 
(C,A.\Li tjl). 

If elements of an are in the open left half complex plane, we call {T*, i E k} 
a good non-mutually detectable family . Clearly, if only the stability of the filter is 
required then a good non-mutually detectable family can be used as the solution of 
BJDFP. Also in this case an obvious modification of the procedure given in 
Theorem 10 can be used to place the assignable poles of the detection filter. 

Now we are in a position to state an interesting interpretation of mutual 
detectability in terms of the invariant zeros of some appropriate systems. Later on, 
this interpretation will be used in developing a numerically reliable algorithm for 
checking the condition of mutual detectability. 

Theorem 11: Let {T,*, *Ek} defined in (4.46) be output 

separable®. Then {T,*, i E k} is mutually detectable if and only if 

where i7, are the set of invariant zeros of (C,A,L,), and O is the set of 
invariant zeros of [C,A,[Li, . ,Lf.\). 


®Or equivalently, let 


, I 6 k} be output separable 


I 
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Proof; (if) Let D E Using Proposition 20 of Section 

2.3, we can rewrite (4.58) as 

a{A+DC : T*/}V*) = [t)’'.^^a{A+DC ; Ti*/Wi*). (4.59) 

where W* and T* are defined in Lemmas 7 and 9. Let us assume that T* 

k 

is not mutually detectable, and T := T*. Using Lemma 9 we 

know T C T*. But output separability of i E k) implies that 

a{A+DC-. r/yV*) = 7^*/^^*), 

and this clearly contradicts (4.59). 

(only if) Let D E be mutually 

Detectable. From the definition of mutual detectability and Lemma. 7 it 
follows that; 

(TiA+DC: T*/W*) = : T,*/W-*). 

Now (4.58) follows from Proposition 20 of Section 2.2. 0 

Note that in general, 17 D Therefore, mutual detectability states 

that the failure signatures, L,, should not combine with each other and create new 
zeros and zero directions . 

Because of the reliable software now available for computing the zeros of a 
multivariable system (13], the condition given in (4.58) can be readily verified. It 
should be mentioned here that in actual implementation, under mild conditions , 

i 

we only need to find the elements of J7 with their corresponding z^ro directions. 


^We assume that the elements of I? are distinct Our results can be extended to the cases where 
elements of f? have the same geometric and algebraic multiplicities (see .Appendix B), but we shall 
not treat these special cases here. 



- 110 - 


This information is enough to allow us to deduce the elements of J?,- from i7. We 
illustrate this point through the following observation. Without loss of generality 
we only consider Q^. Let G then there exist and such that 

z^I—A Li Vi 
C 0 

but this implies 

z^I—A [Lj, Z/2, ■ • • , Lj^ Vj 

Wj = 0. 

C 0 Jo 

0 

Thus every element of J? with zero directions as above is an element of Also 
J?l C J7; hence, using this procedure we can find all the elements of Qy 

Now we want to develop numerically reliable procedures for computing the 

detection spaces T*. Note that, even in the scalar case, the algorithm previously 

given is not numerically reliable because it involves the computation of In the 

following we use a procedure that is dual to the one given in [27] for reliable 

1 

computation of the supremal controllability subspaces. We can also compute T* 
using the dual of the elegant algorithm given in [43]. 

Proposition 12: Consider the system {C,A,B) and assume that the 
invariant zeros of this system have the same geometric and algebraic 
multiplicities (see Appendix B). Let W* ;= inf S* := inf S(3), 

and V be the subspace spanned by the state zero directions (see Appendix 
B) associated with the invariant zeros of (C,A,B). Then 



s* = © u 


(4.60) 
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Proof: Let X* and y* be respectively the supremal (A,B)-invariant 
and the supremal controllability subspace in Ker C. It is simple to show 
that S’* = + r* and y* = 'W* C\X* (see Exc. 5.17 [50]). In [27], it is 

shown that X* = y* 0 "V. Hence (4.60) is immediate. 0 

From Proposition 12, we know that T* defined in (4.46) is simply 

Ti* = ■W'.-* © V,-, 

where "W* has been defined in Theorem 6 and V,- is the subspace spanned by the 
state zero directions associated with the elements of Therefore, in the scalar 
case, (4.33) and V,- can be used to reliably compute 7^*. We shall later illustrate this 
procedure through an example. 

Now we discuss the generic solvability of BJDFP. 

Proposition 13: Let us assume A, C, and L,- are arbitrary matrices 
with dimensions nXn, Ixn, and nXk- respectively. jAJso let 
K := and assume /: > 1. Then BJDFP is generically solvable if 

and only if K <1. Also the family of detection spaces {T*, i G k} is 
generically mutually detectable if and only if K <. t. Moreover, if K—l, 
then generically the fixed eigenvalues of the filter are the same as a 
defined in (4.45). 

Proof: (if) If k- < /, then generically = L,. Also if K < I then 
generically the family {li',*, i G k} is output separable. Similarly if fc,- < /, 
then generically T* = and K < / implies that T* defined in (4.49) is 

L 

generically equal to L^, and hence the family {T,*, i G k} is 

mutually detectable. 

(only if) If K > I, then {CW*, i G k) cannot be an independent 
family and BJDFP does not have a solution. Moreover, if K=l, then T* 
defined in (4.49) is generically equal to X, and the family {7]*, I’Gk} 
cannot be mutually detectable. Using (4.56), it follows that in this case 
the set of fixed eigenvalues is generically the same as cTy^. 0 
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To illustrate the results of this sectioa, we design a detection filter for the 
example of Section 4.1. For this example k=2. Using (4.33), it follows that 
)V* = Im Zr,-, i G 2. Also the output images of {"W*, i G 2} are independent, and 
thus the family is output separable, and BJDFP is solvable. A simple computation 
shows that /?= {3}, and the corresponding zero directions are 


[v', ty'l = [1 0 0, 0 1). 

From the structure of w we deduce that i ?2 = {3} and = 0. Therefore, 
T 2 * = '^ 2 * 0 Im u and — hence the family {T,*, a G 2} is mutually 
detectable, and the spectrum of the filter can be assigned arbitrarily. Now let 
A 2 = {-2,-3} and = {—4} and use the procedure given in Theorem 8 to find a 
Dq such that a{A-\-DQC : 7j*) = .4,-. Using equation (4.37), G 
simply 



■ .5 3 ' 


’-.5 1 ' 

-1 

’-3 -4 ' 

1 

II 

1.5 -1 
1.5 2 


.5 0 


1 -2 
-2 -5 


Also using the insertion map of a € k}, it follows that 
Ai := [A+Df; -.T,*) = Q,C, := [C . T,*) = \-.h, 5]'. 

Thus = [8, 0] will place the spectrum of at s = —4. Similarly, 



' 0 1 ' 


’ 1 o' 

A-2 := {AaD^ ■ To*) = 

0 3 

, C,>:=(C:V) = 

0 0 


and 


Do = 


-8 0 
-30 0 



-113- 


will place the spectrum of A 2 +D 2 C 2 at s=—2 and s=— 3. Using (4.55), then 



r-6 

-14 ' 


‘-9 

-18 ‘ 

II 

1 

0 00 

I 

• 1 

, D = Dj. + — 

-7 

-2 

-6 

-9 


Note that for this example Tj* 0 7^* = X, and the last design step in Theorem 
10 corresponding to the construction of is absent. 


Now let us replace the second failure signature with L 2 defined as follows: 


L2 = 


0 

0 

1 


A simple computation shows that W* = I,-. Also the family i G k} is output 
separable, and hence BJDFP has a solution. Now let us compute the invariant 
zeros of (C,A,(Xi, L 2 ]). A simple computation shows f2 — {2}. Also computing the 
zero directions associated with this invariant zero we find 


[u u; T = [1 0 0, -2 1|. 

The structure of w implies that neither of the two systems {C,A,LJ have any 
invariant zeros; hence /?,• = 0. Clearly 7^* = W^*, and the family {7j*, ? G k) is 
not mutually detectable. Also the set of fixed eigenvalues of the resulting filter is 
simply £Tyj = {2}. Therefore, for this particular example the detection filter is 
always unstable, and the filter is useless. 

Note that the fixed eigenvalues are not always unstable. For example, 
replace the second failure signature with 

Io = 


0 

-1 . 
.5 
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A simple computation shows that W* = I,-. Also the family i G k} is output 
separable, and hence BJDFP has a solution. Now let us compute ^the invariant 
zeros of {C^A,[Li, L 2 ]). Carrying out the computations, we get f? = {—2}. Also 
computing the zero directions associated with this invariant zero we find 

(u', wT = (1 0 0, 2 -2]. 


The structure of w implies that neither of the two systems (C,A,L^) have any 
invariants zeros; hence i?,- = 0. Clearly T* = W*, and the family {7}*, i G k} is 
not mutually detectable. .Also the set of fixed eigenvalues of the resulting filter is 
simply (Tyj = {— 2}. Hence, for this family of failure signatures a stable BJDF 
exists. 

Now we illustrate the limitation of BJDFP through an example. The 
limitation follows from the fact that there are families of (C',A)-invariant subspaces 
which are not C output separable but are TC output separable for an appropriately 
chosen matrix T. Let us consider the following system 


A = 


C = 

with L := 


0 

0 

0 

1 

0 


1 

0 

1 

0 

0 

0 

0 


0 

0 

0 

0 

1 

0 

1 


0 

0 

0 

0 

0 

0 

0 


0 

0 

0 

0 

0 

1 

0 


0 

1 

1 

1 

0 

0 

1 



1 

0 

0 

0 

1 



0 

0 

1 

0 

0 



1 

0 

0 

1 

1 




[Lj, Lo]- simple computation shows that 


= (jG{1,2}). 


Hence = C'Wo* and these two failure events are not C output separable 

However, let us replace the C matrix by TC where 



I 


r= 


2 - 10-1 
0 0 2 0 
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This amounts to ignoring some part of the measurement space and is a perfectly 
legitimate operation. Now if we compute that is defined to be the smallest 
(rCjAI-invariant subspace containing 1,-, we get 


' 1 

0 ‘ 


'0 

0 ‘ 

0 

1 


0 

0 

0 

0 

II 

0 

1 

0 

0 


0 

0 

0 

0 


1 

0 


Clearly are TC output separable, and hence if we replace C by TC then the 
BJDFP will have a solution. We also remark that it is simple to show that the 
failure signatures and L 2 are strongly identifiable. Hence there are families of 
strongly identifiable failure signatures that do not have C output separable 
detection spaces . 

Note that when the failure events are scalars and the number of the failure 
events is the same as the number of the measurements, i.e., k=l, the BJDFP 
(without any stability requirement) is solvable if and only if 


Cl is invertible 


(4.61) 


(see (4.34) for the definition of /), and in this particular case there is no limitation 
to BJDFP. 

In the next section we shall formulate a more general version of the BJDFP 
which circumvents the limitations we have illustrated in here. 
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4.3 Restricted Diagonal Detection Filter Problem 

In the last section we formulated and solved BJDFP. Our objective in that 
section was to find an output injection map D so that the innovation due to each 
actuator failure is confined to an independent subspace of the output space. In the 
actual identification phase, one should use the projection of the innovation onto 
these independent subspaces. In this section we include these projection matrices 
in the problem statement and try to find them as part of the design process. 

To elaborate on this idea, consider the residual generator 
= (A+DC) w{t) — D y{t) + B u{t), 

r,(f) = Hi {C w{t) - y{t)), i 6 k. (4.62) 

In (4.62), the residuals r,(<) are simply different linear transformations of the 
innovation Cw{t)—y{t). Also, this processor has the same structure as the one given 
in (3.11) and (3.12) if we require that F= A+DC, E = D, G = B, and M, = H^C 
for some output injection map D . y -* X and measurement mixing maps 

Hi-.y - y. 

Let e{t] := Lu(f) — x(t) be the error vector. Using (4.62) and (3.10), we have 

r,(() = H,Ce((), >€k. (4.63) 

Now assume that a nonzero m,(f) should only have a nonzero effect on r,(f) and 
none of the other residuals (U, j 7^ More precisely we would like the system 
relating m,(<) to r,(/), i.e., {H,C,A+DC,L^), to be input observable. As we have 
indicated in the previous sections, when the m,(/) are scalars, this corresponds to 
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the left invertibility of the transfer matrix relating m,(s) to r,(s), and hence any 
failure mode will show up in the corresponding residual. 

This problem will be called the restricted diagonal detection filter problem 
(RDDFP). We call it restricted because the residual generator is of the same order 
as the system model. Also it is diagonal because the transfer matrix relating 

m(5) = [m{{s), . . . , m;t'(s)]' to r{s) = [ri'(5), .... r^'(s)]' 

is restricted to be block diagonal. Note that this formulation of the FDI problem, 
although restricted in the structure of the residual generator, does not have the 
limitation we mentioned at the end of Section 4.2.1, since such cases are taken care 
of through appropriate selection of the projection matrices i/,-. 

Let us denote the unobservable subspace of the i-th residual by 5,; then 

Si := <Ker HiC\A+DC> = <Ker C -f- S,\A+DC>, i E k, (4.64) 

where the equality in (4.64) follows from Proposition 15 of Section 2.3. Because a 
nonzero Tn^{t) should not affect r^(i) {j i), Im (j *) should be in the 

unobservable subspace of the i-th residual; hence, 

Also the system relating to r^{t) should be input observable or equivalently 

L,-n5, = 0, jEk. (4.66) 

Clearly, (4.64) implies that the family of subspaces {S,, I'Ek} should be 
compatible, i.e., the family (5,-, I’Ek} should be assignable as the invariant 
subspaces of a single observer (see Section 2 4). 
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Thus RDDFP can be stated as follows: Given A, C, and L,- (i G k), find an 
output injection map D : y —* X and a family of compatible u.o.s.’s {5,-, i 6 k) 
such that (4.64), (4.65), and (4.66) hold. The reader who is familiar with the 
restricted decoupling control problem (RDCP) [50, 49] can immediately recognize 
the duality between RDDFP and RDCP. 

We make the following assumptions in order to avoid trivial cases: 

1 . The family {£,•,* G k) is independent; otherwise 0 for 

some 1 G k, and (4.65) implies that £, D 5, 7 ^ 0 which contradicts 
(4.66). 

2 . The pair {C,A) is observable; otherwise factor out the unobservable 
subspace and work with the factor system. 

Let us define 

5,* := inf 5(£,), 1 G k. (4.67) 

Clearly {5,*, j'Gk} satisfy (4.65). Because S* (» E k) are infimal, a necessary 
condition for the existence of a solution to RDDFP is 

Si* n £,• = 0 , 1 G k. (4.68) 

Assuming the necessary condition is satisfied, it remains to determine whether the 
family (S,*, i E k} is compatible. If {S*, i G k} is compatible, then we are done. 
If not, the problem remains unsolved because there may be compatible u.o.s.’s that 
are larger than S* but satisfy (4.66). 

To illustarte some of the points, consider the following example: 

’0 1 0 1 Too' 

A= 000, £= 10, 

_0 0 1 J L ^ 1 J 
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c = r 1 0 0 1 , 

[o 0 1 _ 

where L := L<^. A simple computation shows 

$ 2 * = Li and Sj* = Lo. 

This implies that the failure signatures are strongly identifiable, i.e., the necessary 
condition in (4.68) is satisfied. Now a simple computation shows that -f- $ 2 * is 
not (C,A)-invariant, hence Sj* and 52* are not compatible (see Lemma 27 of 
Section 2.4). Also, for this particular example there does not exist any larger 
compatible family of u.o.s.’s; hence RDDFP does not have a solution. 

Even if the family {5,*, i G k} defined in (4.67) is compatible, it does not 
mean that the spectrum of A+DC is arbitrarily assignable. However, if {5,*, i G k} 
is codependent, then Proposition 25 of Section 2.4 can be used to assign the 
spectrum of A+DC. Now we state the condition under which the family of infimal 
unobservability subspaces {5,*, i G k) will be compatible. 


Proposition 14: The family of infimal u.o.s.’s {5,*, i G k} defined 
in (4.67) is compatible if and only if the dual radical of this family is 
(C,A)-invariant. 


Proof: (only if) The necessity is obvious and follows from the 
discussion of Section 2.4. 

(if) Let us denote the dual radical of the family {5,*, i G k} by 5 . 
From (2.68) 




J6k 


(4.69) 


By construction jL,- C S* and using (4.69) we have 
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S 




r ek 


Lr 


(4.70) 


Because EFPRG is solvable, we know {1^-, i G k} is an independent 
family. A simple computation shows that ihe right hand side of (4.70) is 
just g k ■^r Therefore 

Ml) 


Hence, from the definition of Sj* it follows that 

£; M c^c s ns/ c s/ U€k). (4.72) 

• » 

By hypothesis S is (C',A)-invariant; h€nce 5 D Sj* (j 6 k) are 
(C,A)-invariant. Let us define Sj := inf S{Sj*r\S) (; E k). Then the 
infimality of S* and (4.72) implies that Sj = S*. Using (2 63), we 
conclude that 


D(Sj* n 5 ) C D(S;). 


(4.73) 


Moreover, (4.73) also implies 

nye kBSj* n 5 ) c k^( (^.74) 

Now using (2.71) and the discussion in the paragraph following it, we 

\ 

conclude that {5,*, i E k} is compatible. 0 

When certain additional restrictions are added to RDDFP, the family of 
infimal u.o.s.’s satisfying these restrictions are automatically compatible, and hence 
the compatibility issue disappears and {S*, i E k} defined in (4.67) provide a 
solution to RDDFP. For e.xample, one of these restrictions is the requirement that 


Ker HC = Ker C 


(4.75) 
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where 

H := [H^, . . . (4.76) 

(We refer the reader to [34] for other special cases of RDCP which can be dualized 
to RDDFP.) 

Let us translate the restriction in (4.75) to a restriction on the family of 
u.o.s.’s {Si, i e k} defined in (4.64). Clearly, the requirement given in (4.75) is 
equivalent to 

nf^jKer H,C = Ker C. (4.77) 

From the definition of 5,-, we know 5,- C Ker H^C. Moreover, Ker C C Ker H^C, 
hence 


Si + Ker C7 C Ker H,C. (4.78) 

Using (4.77) and (4.78), it follows 

Ker C = nJ'^jKer H,C D + Ker C). (4.79) 

Therefore, the requirement given in (4.75) is equivalent to 

Ker C = n*^j(S,- -b Ker C). (4.80) 

Also if we use (2.10), it is simple to show that (4.80) is equivalent to 

= 0. (4.81) 


Now the solvability condition of RDDFP restricted to (4.80) is stated. 

Proposition 15: A solution to RDDFP restricted to (4 80) exists if 
and only if 


I 



KerC = n;„j(V + Ker C), 


(4.82) 


where S* := inf 5(£,). 

Proof: For the proof of the dual problem see [34). 0 

Recently, Descusse et. al. [11] have solved a less restricted version of RDCP 
(see also [24, 25]). The dual of their results amounts to restricting the output 
injection map D to the form DH where H is defined in (4.76). We refer the reader 
to [11] for more details. 

We also point out that quite recently Suda et. al. [42] (see also [12]) have 
found the necessary and sufficient solvability condition for RDCP. Unfortunately 
the author was unable to obtain a copy of their paper, and we shall not concern 
ourselves with this difficult problem because our whole purpose in introducing 
RDDFP is to exploit its relation with BJDFP, and to point out the duality existing 
between the FDI problem and the control decoupling problem. 

Now we address the pole assignability issue. Note that even if a family 
{5,-, j'€k} satisfies the conditions in (4.64), (4.65), and (4.66), and hence is a 
solution to RDDFP, there is no guarantee that the spectrum of A+DC can be 
assigned arbitrarily. To find the fixed eigenvalues of A+DC in this case, we proceed 
as follows. Let G n*_^D(5,); then obviously G D(S ) where S is the dual 

radical of the family {S,-, i G k}. Let 5 : 5 — *• JT be the insertion map, and define 

1 

« 

5,y := S-^Si = S-^<KeT H,C\A+D^C>. (4.83) 

Simplifying the right hand side of (4.83), we have 


5,r — <Ker H^CQ\AQ>, 
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• • 

where Cq C : S and := A+DC : S ; hence, are {Cq,A^ u.o.s.’s. Also 
from (2.70), it follows that the subspaces 5,y, i G It, are codependent subspaces of 
S . Moreover, using Proposition 2 of Section 2.1, the observability of [C,A] implies 
that {Cq^A^ is observable. Hence, using Proposition 25 of Section 2.4 it is possible 
to construct a Dq such that* 

a{A^+DQCQ : S ) = (4.84) 

where A,- are the same as the ones defined in Proposition 25 of Section 2.4. Also let 
us define D := D^S~^Dq where S~^ is the left inverse of 5; obviously D E D{S ) 
and 


A+DC ; S = A^+DqCq. 

Now it is enough to see whether it is possible to assign the spectrum 

♦ • 

a{A+DC : X/S) arbitrarily. This is possible if and only if S is a u.o.s. (see 

Theorem 17 of Section 2.3). But compatibility of {5,-, i E k} only implies that S is 
(C,A)-invariant (see Section 2.4). Hence the fixed spectrum of the filter is simply 

a{A+DC : S/S ), l (4.85) 

where S ;= inf S(5 ). 

We also point out that if the necessary solvability condition of RDDFP given 
in (4.68) is satisfied, i.e., the family of failure signatures {L,-, i E k} is strongly 
identifiable, then it is possible to construct a family of compatible extended 
unobservability subspaces which is an extension of the family (5,*, i E k}. We 


*Note that S 


plays the role of X in Proposition 25 of Section 2 4. 
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refer the reader to Appendix C for a discussion oi the extension procedure. 

In the next subsection, we show that if BJDFP has a solution, then the 
RDDFP subject to the restriction in (4.80) will have a solution. 


4.3.1 Relation Between BJDFP and RDDFP 


Let us assume that the family of the detection spaces i G k} defined in 
Section 4.2.1 is output separable and hence BJDFP is solvable. Define the family of 
subspaces {V*, i G k} as follows: 

V,.* := iDf MEjy 

Of course, the output separability of {T*, i G k} is equivalent to the output 
separability of the family of subspaces i G k} defined in Section 4.2.1. Using 
(4.41), it follows that i 




Wf. 


(4.87) 


Also the output separability of {W*, i G k} implies that 


n: 


, .cTi/* = 0. 


(4.88) 


Now using (4.87) and (4.88) we have 


= 0. 


(4.89) 


Also CV,* = CS* where S* is defined in (4 67). Hence the family of subsapces 
{S*, i G k} satisfies the condition in (4.81) (or equivalently the condition in (4.80)), 
and {5,*, i G k} is a solution to RDDFP subject to the restriction in (4.80). 

Recall that any family of failure signatures for which RDDFP is solvable is 
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aecessarily strongly identifiable (see (4.68)). Hence, using the above arguments it 
follows that any family of failure signatures with C output separable detection 
spaces is strongly identifiable . Note that the converse of this statement is not 
necessarily true as the example at the end of Section 4.2.1 illustrates. 

Once again let us assume that the family of subspaces {W*, i E k} defined in 
Theorem 6 b output separable, and hence BJDFP is solvable. Let us see whether it 
b possible to find the measurement mixing maps, given in (4.62) or (4.64), from 
the family of subspaces {)!/,•*, t E k}. Let E ’Using (4.41), 

E ^(V,-*). Moreover, from the definition of S* and V,* (see equations (4.67) 
and (4.86)) and equation (2.63), it follows that E Hence using Theorem 

19 of Section 2.3, S* b simply 

$i* = <Ker H,C\A+D^C> 

for any H,- satisfying Ker H^C = Ker C V*. But from (4.41), we know that 
~ i satisfy 

Ker //.C = Ker C + y- . , . W*. 

When the failure signatures are simply column vectors, i.e., the scalar case, 
computation of the matrices H, is particularly simple. Let us define 

^i* •= ih> • • • >h-vh+i> ■ ■ ■ 

where are defined in (4.34). Using (4.35), it follows that if,- is simply any 
maximal solution of H^C^* = 0. Obviously one such if, is 

Hi = I-[Cli*)(Cl*r‘. (4.90) 


In actual implementation, one only needs to compute the singular value 
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decomposition of Cl* from which the matrices follow immediately. 

Note that the matrices i/,- have a very interesting interpretation. In Section 
4.2, when BJDFP was formulated, we said that for identifying the i-th component 
failure, one should project the innovation onto the output image of the i-th 
detection space and check whether this projection is larger than a threshold, i.e., 
look for the i-th component failure in the i-th detection space. But multiplying by 
matrices H,- can be simply interpreted as not looking in the detection spaces of 
components other than the i-th one. For this reason it is more natural to refer to 
the 5,* defined in (4.46) as the undetectable space of the i-th failure signature 
instead of the detection space. This point will be made clearer when we state the 
solution of FDIFP in Section 4.5. 

As should be clear by now, when the detection spaces of the failure signatures 
are output separable, we can use the procedure in Section 4.2.1 to design a 
detection filter, and then use the matrices defined in here to generate the 
residuals r,(t). In the scalar case, which is practically important, this approach for 
assigning the spectrum of A+DC and finding the maps has a computational 
advantage over the procedure that is based on the computation of the dual radical 
of a family. 

4.4 Triangular Detection Filter Problem 

In the remainder of this chapter, we no longer consider the simple coding sets 
i?j- = {i}, and we shall go over other more complicated coding schemes. By doing 
so, it is usually no longer possible to detect and identify simultaneous failures, but 
instead a much larger class of problems can be solved Note that simultaneous 
failures are unlikely events in many applications, and assuming that they do not 
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1 


happen may not be unreasonable. 


The first problem in this category that we formulate and solve is the 
triangular detection filter problem (TDFP). Consider the system in (3.10) and the 
residual generator (4.62). In TDFP the objective is to design k residuals r^{t) {i £ k) 
such that a nonzero affects and possibly affects ro, . . . ,r^; a nonzero m 2 
affects T 2 without affecting but possibly affecting T 3 , . . . ,rj^, ...; finally a nonzero 
mjf affects rj^ without affecting r^, . . . ,rh_i. In the notation of Chapter 3, this 
process of relating the failure events to the residuals corresponds to the coding sets 
J?,- = { 1 } U -d,- where yl,- is some subset of {i+l, . . . ,k}. The input-output relation 
of TDFP is' shown in Fig. 4-2. 


m 


1 


m 


2 



— o r ( t ) 


^ 'll 




s 


r^(t) 


Figure 4-2: Input Output Relationship of TDFP 

As the reader may expect, the name triangular follows from the lower 
tringular structure of the transfer matrix relating m{s) to r(s) (see Section 4 3 for 
the definition of m(s) and r(s)). 

The concept of TDFP is an exact dual of the triangular decoupling control 
problem introduced and solved in [33]. Interestingly enough, this formulation is 
more applicable to failure detection and identification, since it is assumed that 
simultaneous failures are not possible. Even if simultaneous failures do occur, their 
presence in the#TDFP will not lead to incorrect identification as it may in other 



-128- 


coding schemes. In such cases, at least, the failure of the component with highest 
priority (i.e., the m^{t) with the smallest value of j) can correctly be identified. 

Using the statement of the problem, TDFP can be stated in geometric 
language as follows: Given A, C, and L,- (i G k), find an output injection map 
D : y —* X and a family of u.o.s.’s (S,-, i E k} such that 

Si := <Ker H,C\A+DC> = <Ker C + S,\A+DC>, i E k, 

<-} £ Sf •' 6 k-l, and 0 C Sj, (4.91) 

Sj r\Lj = 0 is k. (4.92) 

The requirement given in (4.91) implies that the failures of (i-fl)-th up to k-th 
component should not affect the i-th residual, and (4 92) implies that the failure of 
the i-th component should at least show up in the i-th residual. Now the 
solvability conditions of TDFP are stated. 

Theorem 16: Let (C,A) be observable. TDFP has a solution if and 
only if 

Si* n Li =0, i E k, 

where S* := inf Lj) (i E k-1), and Sf.* = 0. Moreover 

cT{A+DC:Si*_JS*) = .L, lEk, 
a(A-¥DC) = A„ 

where Sg* = X, and .4, (i E k) are arbitrary symmetric sets. 

Proof: The proof is the dual of the one given in [33j, and hence is 
deleted (also see Section 9 8 of [50]) 
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Referring to Theorem 16, it is clear that any strongly identifiable family of failure 
events satisfies the solvability conditions of TDFP. For such families, the order of 
the filter which solves TDFP is only n (same as the order of the system model), but 
for this family of failure signatures, RDDFP may not have a solution, and it may 
be required to extend the state space. The following is an example of an strongly 
identifiable family of failure events for which the RDDFP does not have a solution 


A = 


'o 

1 

0 ' 


'o 

0 ‘ 

0 

0 

0 

,L = 

1 

0 

0 

0 

1 


1 

1 


C = 


1 0 0 
0 0 1 


4 

where L := [L-^, L<^. Of course the solvability conditions of Theorem 16 are 
satisfied, since the failure signatures are strongly identifiable, but the failure 
signatures are not output separable and hence there is no solution to RDDFP (see 
(4.61) and remember that k=l in this case). 

However, the converse of the above observation is not true. Namely, a family 
of failure signatures satisfying the solvability conditions of TDFP is not necessarily 
a strongly identifiable family. To illustrate this fact, consider the following 
example: 



' 0 

0 

0 

0 ' 


’ 0 

0 ' 


' 1 ' 

A = 

1 

-1 

-1 

0 

' -^1 — 

0 

0 

, Lr> 

0 


-1 

1 

1 

0 

1 

0 


0 


0 

1 

0 

0 


0 

1 _ 


0 


' 0 

0 

1 

0 ' 






C = 

0 

0 

0 

1 
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Computing S* defined in Theorem 16, 




* 


1 0 

0 1 

0 -1 

0 0 


= 0 . 


Clearly, the solvability conditions given in Theorem 16 are satisfied, but it can be 
shown that the failure signatures are not strongly identifiable. 

The only limitation of TDFP, in a failure detection and identification context, 
is its inability to detect simultaneous failures; however, this is a minor shortcoming. 

Our last remark about TDFP concerns the case of simple sensor failure® 
From Section 4.3, we know that a family of failure signatures with output separable 
detection spaces is strongly identifiable. Also using the state space augmentation 
procedure given in Section 3.1, it is possible to model / sensor failures as a family of 
/ output separable pseudo-actuator failures. Therefore, there always exists an n-t-/ 
dimensional filter with arbitrarily assignable spectrum that triangularly detects and 
identifies any family of / sensor failures . 


4.5 Failure Detection and Identification Filter Problem 

In this section, we solve FDIFP introduced in Chapter 3. In all of the 
developments, it is assumed that only one failure is present at a time . Our other 
objective is to answer the following fundamental question: Given a family of failure 
events and assuming that there is only one failure present at a time, when is it 


Q 

By simple sensor failure we mean those sensor failures whose signatures are columns of the 
identity matrix. 
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possible to design a residual generator which can be used to uniquely identify the 
failed component. This question will lead to the introduction of the fundamental 
concept of an identifiable family of failure signatures . 

Before attacking the problem, let us more concretely define the coding sets /?,• 
(j E k) introduced in Section 3.1. First define an auxiliary coding matrix A = [S^j] 
with ^,y = 1 if » 6 for i E p, and ^,y= 0 otherwise. An element = 0 implies 
that the j-th component failure should not affect the i-th residual. Similarly, 
5,y = 1 implies that the the j-th component failure should affect the i-th residual^®. 
Hence, our goal is to design a residual generator such that the transfer matrix 
relating the failure events and the residual vectors is structurally the same as the 
coding matrix A defined . 

Before proceeding any further, let us give a simple example of a coding set 
and its associated coding matrix A, Assume that 6 failure events are present, and 
three residuals are defined such that J?.2={2}, i?3={l,2}, i?4={3}, 

J?5={1,3}, and J7g={2,3}. Using the definition of a coding matrix, we construct A: 


A = 


10 10 10 
0 110 0 1 
0 0 0 1 1 1 


(4.93) 


The coding scheme used in this example is called a binary coding . This is because 
the columns of A (e.g., (0, 1, 1] ') are just the binary representations of the 
corresponding column indices of A (e.g., 6). Note that if a unique ordering 
{1,2, . . . ,A:} is assigned to the set of failure events {£,, i E k}, then the binary 
representation of the index i (a E k) can be used to generate the coding sets. When 


affecting we mean that the transfer matrix relating the j-th component failure to the i-th 
residual should be input observable. 
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binary coding is used, the ai'miaium number, p, of residuals is simply 

P = [log2 (4-94) 

where [z] is the smallest integer such that [i] > x . It is simple to show that the 
number given in (4.94) is the minimum number of residuals required no matter 
what coding scheme is used. This is the major desirable attribute of the binary 
coding. However, intuitively, the probability of false identification associated with 
this coding scheme can be large. In the event of a failure, some of the residuals 
may not cross the threshold, and therefore a totally incorrect component can be 
identified as failed. 

Now let us consider some of the fundamental properties of the coding matrix 
A. First of all, no row of A should be identically zero, since this implies that none 
of the failure events affect the residual corresponding to this row, hence this 
residual is superfluous. Also, no column of A should be identically zero since the 
failure event corresponding to this column would not affect any of the residuals and 
therefore could not be detected. Most imporatantly, no two columns of A should 
be the same , since otherwise the failure of the components corresponding to these 
columns could not be distinguished from each other. Moreover, permutation of the 
rows and columns of A corresponds to a renumbering of the residuals and the 
failure events respectively. 

AJso let us define the sum (+) of any two rows of A as the Boolean or of the 
elements of one row with the corresponding elements of the other row. Using this 
definition, for example 

[1, 0, 0] + [1, 1, 0] = [1, 1, Oj. 


Clearly, any row of A which is the same as the sum of other rows of A is 
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redundant. For example, assume that for some coding matrix the first row is the 
same as the sum of the second and third rows. Then the residuals two and three 
are sufficient for FDI purposes, and the first residual is not necessary; however, this 
redundant residual may be useful in the decision making process. 

Now the coding matrix A associated with a family of coding sets is used to 
solve FDIFP. First define the finite set /’,• as the collection of all those j for 
which <5,y= 0. For example, the family /’,• (i E p) associated with the binary coding 
sets we used in the previous example is simply; 

Ti = {2,4,6}, r2={M,5}, T3= {1,2,3}. 

Note that the sets T,- (i E p) contain all the necessary information required for 
shaping the structure of the transfer matrix relating the failure events to the 
residuals. 

Now recall the FDIFP of Chapter 3. The objective of FDIFP is to generate p 
residuals, r^{t) (/ E p), such that when the j-th component fails, the residuals r,(t) 
for i E should be nonzero, and the other residuals all should be identically zero. 
Clearly we can think of FDIFP as p separate FPRG (see Section 4.1) corresponding 
to different rows of A which should be solvable simultaneously This follows from 
the trivial observation that each residual r,(<) can be generated separately from the 
others. Using the necessary solvability condition for FPRG (see Theorem 2) and 
the assumption that there is only one failure present at a time, a necessary 
condition for the existence of a solution to FDIFP is simply 

Sp. n Lj = o, je k-r,, i e p, (4.95) 

where 


l 
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5/-. := inf ij), .■ 6 p. (4.96) 

The condition given in (4.95) is also sufficient. Simply use the unobservability 
subspaces Sp. (i G p) to design p separate residual generators each being the 
solution to an FPRG corresponding to different rows of the coding matrix (see 
Theorem 2 for construction of the residual generator). Also all of our remarks in 
Section 4.1 about accommodating the effect of sensor and process noise and 
sensitivity of the solution are applicable here. 

To illustrate the design procedure, consider the following system: 
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Note that for convenience the failure signatures L^ are stacked in L. Now the 
problem is to design a residual generator for this example with the binary coding 
scheme we mentioned a while ago. The coding matrix A for this example is given in 
(4.93), The reader should note that the failure signature Lq is a linear combination 
of the failure signatures Lo and L^. First, the infimal subspaces Sp. defined in 
(4.96) are computed. Deleting the details, one can show . 

Sp^ = L2 ® Li ^ 

= -^1 © ^4 © ^5 
= Li © £2 0 ^3 



-135- 


A simple check shows that the necessary condition in (4.95) is satisfied. Hence Sp. 
can be used to design a residual generator according to the procedure in 
Theorem 2. It is clear that will be a third order filter, and the other two 
residual generators E 2 and will each be second order filters. Therefore, the over 
all residual generator is 7-th order. 

We also point out that if the columns of L are permuted (this permutation 
corresponds to a renumbering of the failure signatures), then the problem may not 
have a solution. To illustrate this, consider the permutation cycle (5,6). This 
permutation corresponds to the reordering "five becomes six and six becomes five.” 
However, if we still use the coding matrix in (4.93), it is immediate that the 
problem does not have a solution. This follows from the fact that (the new) is a 
linear combination of L 2 and L^. In practice, special care should be used in 
specifying the coding sets, so that trivial impossibilities like the above are 
eliminated. 

Now our objective is to show that for certain families of failure events, it is 
not possible to design a residual generator in the sense of Chapter 3 no matter 
what family of coding sets is used. For this we shall assume in the remainder of 
this section that the failure signatures are column vectors . 

The following result will be crucial to our derivation. 

i 

Lemma 17: Let {C,A) be observable, d{Li) = d(Lo) = 1, and 

Li C T 2 * where To* := inf SILq)- Then T^* = T 2 * where 
Ti* :=^nf Sdi). 

Proof: Since C T 2 * and 7^* is a u.o.s., T 2 * G i(i.i)- Thus the 
infimality of T^* implies that T^* C To*, and hence CT^* C CTo*. From 
Section 4.2, we know CTj* and C7^* are both one dimensional; thus 
CTj* = CTo*, or equivalently 
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Tj* -I- Ker C = -f- Ker C := V. (4.97) 

Also To* and Tj* are compatible since Ti*+To* = T 2 * is (C,A)-invariant 
(see Lemma 27 of Section 2.4). Let D£C]D{T*). Using (4.97) and 
Proposition 15 of Section 2.3, we have 

T2* = <V\A+DC> = Ti*. 

0 

Recall no two columns of the coding matrix are the same. Using this 
property, it follows that given any two distinct integers l,j E k, there should exist 
an i such that either 

ye/’.but (4.9s) 

or 

/ e A but y ^ r,-. (4.99) 

As in (4.46), denote the family of detection spaces associated with ^the family of 

« 

failure signatures {L,-, i 0 k) by (T,*,i 6 k}. If (4.99) holds, then obviously 
7f* QSf^. Similarly, if (4.98) holds, then Tj* C Sp^. Now using the necessary 
condition given in (4.95) and the argument in (4.98) and (4.99) it follows that given 
any l,j 6 k 

either L[ fl Tj* = 0 or D 7}* = 0. (4.100) 

Now using Lemma 17 and (4.100) we conclude that 

i^nr/ = o, (4.101) 


necessarily should hold . Because of Lemma 17, the condition given in (4.101) is 
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equivalent to 


£/nr/ = 0, ;G / € k. (4.102) 

Now we prove that the condition in (4.102) (or equivalently (4.101)) is also 
sufficient. Namely we show that if a family of failure signatures satisfies the 
condition given in (4.102), then there exists a family of coding sets for which the 
FDrPT, with the assumption that only one failure is present at a time, has a 
solution. Interestingly enough the solution is quite simple. Just use the poor man’s 
coding sets 

i?,- = {1 t-1,1+1, . . . M, *■ e k, i (4.103) 

to design k different residual generators such that the unobservable subspace of the 
i-th residual is simply T* so that the failure of the i-th component will not show up 
in this residual. From here, it is immediate that undetectable spaces is a more 
appropriate name for each of the subspaces {T*, i E k}, since if a failure signature 
is inside T*, then the effect of this failure will not show up in the residual r,(/) 
designed according to the coding sets in (4.103). 

A family of scalar failure signatures {L-, i E k} satisfying the condition given 
in (4.102) will be called an identifiable family of failure signatures . Note that if a 
family of failure signatures is not identifiable, then there does not exist any 
processor with which it is possible to detect and identify the failures in the sense of 
Section 3.1. 

The coding matrix corresponding to the poor man’s coding sets given in 
(4.103) has an interesting structure. This matrix is simply the complement of the 
identity matrix. Note that this might cause some practical difficulties in the 
decision making phase of FDI, because some of the residuals which are supposed to 
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cross the thresholds may actually remain quite small and hence no decision will be 
possible. Also note that the order of the residual generator which solves FDIFP 
with the coding sets given in (4.103) is generically k{n—l). Clearly this number can 
be quite large. However, the order of the filter can be substantially reduced if some 
of the results in Section 4.2 are used. 

The reduction procedure hinges around the idea of subdividing the family of 

detection spaces t'Gk} into g disjoint families of mutually detectable 

k 

detection spaces, i.e., finding T,- such that = q, T^^Tj = 0, and {7j*, i E Ty} 

is mutually detectable for each j E q. Note that mutual detectability implies that 
the set {7;*, t E Tj} should be output separable, and the invariant zeros of 
(C, A, {£/,-, i E Tj}) should be equal to the union of the invariant zeros of {C,A,L^) 
{i E Tj). Next we can use each of the mutually detectable families to design a 
BJDF. The procedure for designing these filters is outlined in Section 4.2.1. For 
example, the j-th detection filter will have the following form: 

Wj (f) = {A+DjC) Wj (<) - Dj y{t) + B u{t), 

r,.y(f) = Hij{CWj{t) - y{t)), {i E T^), (4.104) 

with Dj ^ rij g ^{j niaximal solution of = 0 (i E where 

/,• are defined in (4.34). With this choice of H-j, the failure of the i-th actuator 
(j E Tj) will not show up in r^J {t) but will show up in all other residuals s i 
and t 7 ^ j. It should be clear to the reader that in some applications other residual 
mixing maps may be more appropriate, and there is a great deal of freedom m 
choosing the The mam point is that the concept of compatibility and the 

results of Section 4.3 and 4 2.1 can be used effectively to reduce the order of the 
residual generator. 

We should mention that all of the results of this section hold equally as well 
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for discrete systems. Note that we are not referring to discrete models of 
continuous systems, because the failure of actuators of a continuous system can not 
be accurately modeled by an appropriate discrete system; however, if the sampling 
time is small enough, there should not be any difficulty in treating sudh problems. 

interesting characteristic of the residual generators for discrete systems is 
that we can assign the spectrum of the residual generator to the origin of the 
complex plane, and hence obtain a dead-beat behavior (e.g., the F matrix in (4.2) 
can be made nilpotent). These residuals are known in the literature as generalized 
parity relations [6|. It is clear that if there does not exist an FSO for a particular 
problem, then it is not possible to find any parity relation either, since parity 
relations are simply a special case of the residual generators we have considered in 
this chapter. In the next chapter, we shall further illustrate the relation between 
the generalized parity relations and the residual generators of this chapter. 

.As should be clear by now, geometric control theory and the concept of 
unobservability subspaces can be used effectively to solve many different 
formulations of the FDI problem, and the reader himself can formulate and solve 
other problems with any desirable coding sets using our geometric approach. 

In the next chapter, we shall reformulate and solve the problems we have 
defined in this section in terms of transfer matrices. 
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Chapter 5 

A Transfer Matrix Approach 

Ja this Chapter, we develop a procedure for constructing the residual 
generator by performing algebraic operations on rational transfer matrices. This 
approach enables us to unify the concept of failure sensitive observers with the 
generalized parity relations introduced by Chow [5] and Lou [29] and will lead to a 
numerically reliable procedure for computing the single sensor parity relations. 
Throughout this chapter we assume that the failure signatures are simply column 
vectors (i.e., the scalar case). It is not difficult to extend our results to the more 
general cases, but these general cases have more limited practical applications. Also 
we make extensive reference to the problems defined in Chapter 4, and it is 
assumed that the reader is relatively familiar with those problems previously 
defined. 

First some notation and definitions are explained. We denote by the 
ring of polynomiab in q with coefficients in the field of real numbers R. Also, R(g) 
and Rq(?) respectively denote the field of rational functions and the ring of proper 
rational functions with the coefficients in the field of real numbers. The symbols 
R”[gj (R”(g), Rg(?)) and R’'^^[qj (R’’^^(q), Rg^ "’(?)) respectively denote the n- 
dimensional column vector and the (rXs) matrices with entries in Rl?] (R( 9 ), 
Rg{ 9 )). Clearly, R'*( 9 ) is an R(g)-vector space; however, Rq( 9) is an Ro( 9 )-module 
(see Appendix A). 

We say G(g) £ R^^^(g) is invertible if its determinant is not identically zero. 
Similarly, G(g) £ R^^^(g) with n > s is left invertible if there exists an sXs minor 
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of G{q) which is not identically zero. In this case we say the subspaces spanned by 
the individual columns of G{q) are linearly independent, or G{q) has full column 
rank and is monic. Note that the subspace Im G(q) spanned by the columns of G(q) 
is simply defined as 

Im G(q) := {x(^) : x(q) = G(q)r(q), r(q) E R‘’(q)}. 


Also the linear independence of a family of vectors r,(g) E R'^(q) {* G k) over R(9) 
implies that 

E?=l = 0, Oi(q) E R(g), 


holds if and only if a,(g) = 0 (i E k). 

We define the leading coefficient of a vector r(q) E ^ nonzero 

coefficient in the expansion of r(?) in powers of .Also the smallest power of q~^ 
with a nonzero coefficient is defined to be the order of r{q). For example, the 
leading coefficent of 


r(q) = 


r 2 ±i 1 




• • 



0 


1 

<74-1 



gO + 


9^+1 

= 

0 

1 

1 

tit 
1 


1 


-1 


q ^ -f 


is simply [0, 0, 1]', and the order of r{q) is zero. We say r,(g) E R'^iq) (» 6 k) are 
properly independent [2ll if the leading coefficients of r^(q) (i G k) are linearly 
independent over R. 

In the frequency domain, causal LTI systems are characterized by proper 
rational matrices. Note that the set of proper rational matrices forms a 

ring with respect to ordinary matrnx operations. In other words, the parallel and 
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cascade connection of causal LTI systems is a causal LTI system. The units of this 

ring, i.e., the elements of the ring that have a multiplicative inverse, are of 

significant importance and in the literature are referred to as bicausal systems 

(21, 20). Note that bicausal systems are the only causal systems with causal 

inverses. By expanding G(^) € in powers of q~^, it is simple to show that 

C7(g) is bicausal if and only if lim G{q) is nonsingular. In other words, a square 

q -* oo 

system is bicausal if and only if its columns (or equivalently its rows) have order of 
zero and are properly independent. Note also that the set of bicausal systems form 
a group with respect to matrix multiplication; hence the cascade of two bicausal 
systems of equal dimension is bicausal. 

5.1 Frequency Domain Solutions of FDI Problems 

Let us assume that the dynamics of the system and the effect of the 
component failures can be described by the discrete model 

y(0 = (51) 

Tn{t) = 

with y{t) £ y [d{y) = /), u{t) G U [d{U) = m), and m^[t) E (d(M,) = 1). In 
(5.1), GJ^q) and G^{q) are proper rational matrices in the forward shift operator q, 
i.e., qu{t) := n(f-Hl) (we assume that G^{q) is strictly proper so that the actuator 
failures do not affect the output of the system instantaneously). As in Chapter 3, 
we can use G^(q) m{t) to model the effect of a wide variety of component failures. 
Also as usual, we assume that the failure modes are zero when no failure is 

present and are arbitrary when the i-th component of the system fails. For 
example, to model the effect of actuator failures assuming that the sensors are 
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perfectly reliable, we simply set G^{q) = G^{g). Similarly, if we assume that the 
actuators are perfectly reliable and want to model the effect of sensor failures, 
choose Gjjj(q) = To model the effect of the first sensor failure and the second 
actuator failure, take G^{q) = [G^^q), ej where is the first column of the /X/ 
identity matrix and G^^q) is the second column of G^{g). These few examples 
clearly illustrate that by appropriate selection of the columns of a wide 

variety of component failures can effectively be modeled. In what follows, we 
assume that the columns of G^[q) are either the same as some of the columns of 
GJ^q) or the columns of an Ixl identity matrix. This is because we are only 
concerned with modeling either sensor or actuator failures. 

Now let the triple {C,A,B] be an observable realization of the transfer matrix 
G„(«), i-e., 

G.(?) = C{ir-A)-'B, (5.2) 

with C and ql—A being right coprime (cf. |23|). Because of the assumption we 
made earlier, we can realize G^J^q) as 

G„(?) = C(,/-A)-l|i, 0| + [0, J\, (5.3) 

for appropriate matrices L and J^\ In the state space notation, we can rewrite 
(5.1) as follows: 

x(f+l) = A x{t) + B u(0 + [L, 0] m{t), 

y{t) = C i(f) -t- [0, J\ m{t). (5.4) 


^^Note that we can always realize GJ,q) and as in (5 2) and (5 3) by simply realizing the 

transfer matrix [G^{g), G^( 5 )|, and it is not required to restrict the columns of Gj^(q). The 
restriction that we imposed is for simplifying the exposition. 
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In (5.4), the state vector x{t) G ^ with d{X) = n. Also we define the observation 
space Z := y ^ U, and the observation vector z{t) ;= y{t) 0 u{t) G Z. 

In terms of transfer matrices, the objective of EFPRG (see Section 4.1.1) is to 
come up with a k dimensional residual vector r{t) by passing the observation vector 
z[t) through a causal LTI system characterized by the transfer matrix H{q), i.e, 


r(t) = ff(g) z(t) = (/f^(9), HM 


2/(0 1 . 


«(0 


(5.5) 


such that the net transmission from the input u(t) to the residual vector r[t) is zero, 
and the failure mode m,(2) only affects the i-th component of the residual vector 
r[t). In other words, the objective is to find a proper post compensator H{q) such 
that 


^(9)c?(9) = [-r(?).o], 


where the 0 in (5.6) is a kxm matrix. 


G{q) = 


^mi^) ^u(?) 
0 I 


(5.6) 


(5.7) 


and r(g) is a kXk diagonal matrix with nonzero diagonal elements T^[q). 

Moreover, when no failure is present, the effect of the initial mismatch 
between the state of the residual generator and the state of the system should die 
away so that the residual vector r{t) stays close to zero. The residual due to a 
nonzero initial condition x(0) is simply Hy{q)G ^{q)x{0) where 


GM := C{ql-A)-K 


(5.8) 
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Hence the transfer matrix Hy{q)G^{q) should be stable. Also the residual due to 
nonzero initial conditions of the post compensator should die away so we require 
that H{q) should be stable. 

The problem we have formulated has a very simple solution in terms of 
transfer matrices. 

Theorem 1: Assuming the failure events are scalars, EFPRG has a 
solution if and only if the transfer matrix is left invertible. 

Proof: (only if) If EFPRG has a solution, then there exists an Hy{q) 
such that Hy{q) G^{q) — —T{q). But T(q) is by definition full column 
rank; hence G^(q) should be full column rank or equivalently left 
invertible. 

(if) Let us denote the left inverse of G^(q) by G^~^{q). Using (5.1), 
we have 

m(t) = G^-l(q) y(t) - G^-\q) G,{q) u{t). (5.9) 

To generate the residual r{t), pass —m(l) through a diagonal filter T(q) 
with nonzero diagonal elements. It is clear that by appropriate selection 
of the diagonal elements of r(^) it is possible to arbitrarily assign the 
dynamics of the proper transfer matrix Hy{q) and Hy{q)G^{q) where 

= -r(?) (5.10) 

Note that in this case, 

Hj,) = r(,)G„-'(,)G„(,), (5.11) 

and the stability of //y(q)GJq) implies that ffj^(q) = —Hy(q)G^(q)B is 
stable. 0 


Using the above theorem, a family of scalar failure signatures {L,-, i E k) is 
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strongly identifiable (see Section 4.1.1) if and only if the transfer matrix 

Lt\ (5.12) 

is left invertible. 

When in addition to the observability assumption the pair (A,L) is 

controllable, the selection of the diagonal elements of T[q) is particularly simple. 

In this case, just let the numerator of T^{q) be the least common multiple of the 

denominators of the elements of the i-th row of G^~^{q), and set the denominator 

of r,(g) to any stable polynomial with a degree such that the i-th row of Hy(q) is 
12 

proper . 

Using this procedure, the transfer matrices fly{q) and Hy{q)G^{q) are clearly 
stable. Now we show that the controllability of (A,L) implies that Hy{q)Gg{q) is 
also stable. First, let D~^q) 'f'{q) be a left coprime factorization (cf. [23]) of G^{q). 
Also, let Nf^{q) Dji~^q) be a right coprime factorization of Hy{q). Using these 
definitions, HyG^ = and HyG^ — (to simplify the 

notation we have deleted the argument q). To prove the stability of HyG^ using 
the stability of HyG^, we have to show that any possible cancelation between 
D^Df^ and 'PB is a stable cancelation, since the polynomial matrices and I#' are 
left coprime and have only unimodular common factors. Because (A,L) is assumed 
to be controllable, the polynomial matrices Di and ^B are left coprime and using 
the generalized Bezout identity (Lemma 6.3-9 of [23]), we know 


i: 


Note that the non-mimmum phase zeros of G^(q) will automatically show up in the 


numerators of T[q). 
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1 

1 


1 

1 


1 

0 

i 

Dr Y* ^ 


1 

§ 

1 


0 / 


(5.13) 


for appropriate matrices D^, X, Y, X*, and Y*. (Note that all three block 
matrices in (5.13) are unimodular.) Multiplying both sides of (5.13) by the block 
diagonal matrix diag{Df^, /}, we get 


1 

1 

1 


■ -XD, Y ■ 


1 ■ 

0 

1 

Dr y* ^ 


_ DiDf, m 


0 I 


(5.14) 


Now let us denote the greatest common left divisor of D^[q)Df^{q) and ^q)B by 
Q{q). We know there exists a unimodular matrix U{q) (with block partitions Un, 
Ui 2 , ^2V ^ 22 ) Lemma 6 3-3 of [23]): 


[DiD„W 


(/ll U,2 


[Q,o 


^21 ^22 


(5.15) 


Multiplying both sides of (5.14) by U and using (5 15), we have 


1 

1 


■ iV/l Mo ■ 


0 ‘ 


1 

1 

1 

% 

> 


Q 0 


t 

0 

1 


1 

to 

1 


(5.16) 


for appropriate matrices and Mo- Using the unimodular property of the block 
matrices in the right and left hand side of (5.16), it follows immediately that 


det (Q(^))Xdet (Mo(g)) = constant Xdet {Df^{q)). 

Also the stability of Hy{q) implies that det (D/^(q)) = 0 has stable roots. Hence the 
roots of det (Q(<?)) = 0 are stable, and using the stability of it follows that 

HyGg is stable. 
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Let us illustrate the above procedure through an example. Let 


G„(g) = GJq) = 



0 

1 • 

g-1 J ' 


The left inverse of G^{q) is simply 





0 

7-1 


Let us choose T^{q) = l/q^ (for dead-beat response). Then using (5.10), 


= 


-1 0 
1 ~q~^+q~“ 


Also using (5.11), 


= 


7-2 0 


0 7 '- 


Translating back to the time domain 


r^{t) = «i(f-2) - yi(f), 

^ 2(0 — “2(^-2) + 7i(0 - + ^2(^-2). 

(The subscript denotes the component of a vector, e.g., rj(^) is the first component 
of the vector r{t).} Note that rj(t) and ro(<) are simply the parity relations (see 
Section 1.1 for definition and for a complete treatment of the subject see [5, 29|) for 
identifying actuator failures. It is clear that these relations are obtained by 
assigning dead-beat dynamics to the residual generator, and the parity relations are 
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1. The columns of G^{q) are properly independent. 

2. There exists a bicausal L{q) such that l{q)G^[q) is diagonal with 
nonzero diagonal elements. 

Proof: We refer the reader to (21] for the proof of the dual problem. 

0 

(We refer the reader to [21] for the solution of RDDFP with stability.) Note 
that the necessity of the second condition is obvious because the Hy{q) given in 
(5.17) is bicausal. However, the above theorem implies that if there exists any 
bicausal matrix L{q) that diagonalizes G^{q), then L{q) can be realized with output 
injection as in (5.17). 

The reader should be quite careful in interpreting the above result, since 
given any arbitrary Ixl bicausal matrix I^q), it is not always possible to realize L{q) 
with output injection as in (5.17). The conditions under which this is possible are 
given in [20] and here we only state the result. 

Proposition 3: Let L{q} be an Ixl proper rational matrix, and 

Z?“^(q)N(q) be a left coprime factorization of C{ql—A)~^ with [C,A) 
observable. The transfer matrix L(q) is realizable as in (5.17) if and only if 
L{q) is bicausal and D{q)L~^{q) is a polynomial matrux. 0 

Note that when /=0, the condition of proper independence on the columns of 
G^{q) is equivalent to the condition given in (4.61). This can be shown by writing 
(see [26]) 

G„(?) = C{qI-A)-'L = sjjj Cad,(,/-.-l)L (5.19) 

= zb Cllq"-' + iA+<i„_^r)q'‘-- + ■■ 

PAGE 8UVNK NOT RUWED 
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where A{q) := det{qI—A) = • • • +aiq+OQ. Clearly, the leading 

coefficients of the columns of G^{q) are CA^iL^ where is the smallest integer 
such that CA^iL^ 0 [CA^iL^ is the first nonzero Markov parameter of the 
system relating the i-th failure event to the output). Thus the condition of proper 
independence is equivalent to the condition given in (4.61). 

When the number of measurements and scalar failure events is not the same, 
it is not yet known what are the necessary and sufficient conditions for the 
existence of a solution to RDDFP. This fact was pointed out in Section 4.3. 
However, a simple sufficient condition is that the columns of G^(q) should be 
properly independent . Also a slight generalization of the above statement is as 
follows. 


Proposition 4: If there exists a constant matrix T such that 

rank rc^(g) = rank (?^(g) and such that the columns of TG^{q) are 
properly independent, then the RDDFP has a (not necessarily stable) 
solution. 0 


Note that the transfer matrix G^(q) for the last example in Section 4.2.1 is 


GJg) = 


q ^+q ^ q ^ 
g-1 q-i 

0 l/(?2-l) . 


Clearly the columns of G^(q) are not properly independent; however, if we let 

2 -1 0 -1 ' 

T ^ , 

0 0 2 0 


then the columns of 




l3T¥TT?i 




"Page missing from avaiiable version” 
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and is left invertible. 

Proof; (only if) If (5.23) does not hold, then there exist failure 
modes mi{t) and m 2(0 with transforms 771 ^( 7 ) and m 2 {q) such that 
G^l{q)mi{q) = H®^ce these two failures can result in the 

same output and cannot be distinguished from each other. Also the null 
space of Hy(q)G^i^(q) is a subspace of the nullspace of G^i(g). Thus if the 
null space of G^^(^) is nonzero, it is impossible to find Hy{q) so that the 
condition in (5.22) is satisfied. 

(if) Let the left invertible matrix ^ 2 ( 7 ) have the same image as 
Gm2(Q) ^ome K[q)), and define 

Goiq] := [G^i(g), G2(g)|. (5.24) 

Let N{q) be the first Atj rows of any left-inverse of Go(g) (which exists 
since (5.23) holds). Clearly, there exists an appropriate stable J\q) such 
that 


Hy{q) = -T{q)N{q) (5.25) 

is proper and stable, and also T {q)N{q)G ^{q) is stable. Let 
H^{q) = —Hy(q)Gj^(q], Now H(q) satisfies the requirements in (5.21) and 
(5.22), and hence is a solution to FPRG. 0 

Next consider the FDEFP formulated in Section 3.1 and solved in Section 4.5. 
Let us assume that there is only one failure present at any time, and that the 
failure events are scalars. .Also assume that the dynamics of the system are 
governed by (5.1). As explained in Section 4.5, FDEFP with its associated coding 
sets is just a combination of several FPRG’s which need to be solvable 
simultaneously. Using the result of Theorem 5, it follows that the FDEFP has a 
solution if and only if 

PAGE gLANK NOT RLMcD 
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Im G^. n Im j?)) = 0, for ; G k-r,-, i G p, (5.26) 

where {q) is the j-th column of G^{q). (Since G^ {q) are column vectors, the 
condition of left invertibility of G^j^J^q) given in Theorem 5 is automatically 
satisfied.) 

Using the coding sets in (4.103) and the solvability condition in (5.26), it 

follows that a family of failure signatures {L,-, i G k) is identifiable (see^4.5) if and 

, Section 

only if 

Im [C{qI-A)-^Li] n Im [C{qr-A)-^Lj] = 0 (5.27) 

for any distinct t, j G k. 

Interestingly enough, the solvability conditions of the FDI problems we 
formulated in Chapter 4 are quite simply expressible m terms of transfer matrices, 
and they depend on various independence properties of the columns of the transfer 
matrix relating the failure events to the output of the system. However, 
performing algebraic operations on transfer matrices is not simple and reliable at 
all, and this is the major advantage of using a time domain approach to the FDI 
problem. 

We also mention that all of our results in this section are based on the 
fundamental assumption that the failure modes m^{t) are arbitrary, and hence can 
have any proper rational function as their transform. However, if we restrict the 
class of the failure modes, then the whole picture of the problem changes. This 
fundamental observation is inherent to the Ro( 9 )-module structure of Rq( 9)- We 
shall further clarify this point in Section 6.2. 

In the next section we discuss single sensor parity relations in detail. 
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5.2 Single Sensor Parity Relations 

A very simple residual for detecting and identifying sensor failures is found by 
forming a linear combination of the finite past and present output of a single 
sensor. This combination is chosen to be zero when the sensor is functioning 
properly but nonzero when the sensor fails. We call this form of a residual a single 
sensor parity relation (SSPR). (It will be shown shortly that SSPR’s are special 
cases of the generalized parity relations discussed in Chow [5] and Lou [29].) To 
illustrate the idea, assume that we are at time and we combine, with 
appropriate weightings, the measurements of the i-th sensor from the past time t 
up to the present time . Using the known dynamics of the system and 

assuming that the actuators are perfectly reliable, 

* 

y,(0 c/ 0 0 0 u{t) 

Viit+l) c/A c^'B 0 0 u{t+l) 

= . x(0 + . . . . 5.28) 

y,(l+s)J [c/A"J c/R J [ u(t-}-s-l) _ 

We can rewrite (5.28) as 

^3 - y,(0 = -P 3 ^(0. (5.29) 

where y,(0 = [y,(0. y,(^+l); • • ■ u'(^+l), • • ,«'(<+s-l)|', 

and r, and P, have obvious correspondence with the matrices in (5 28). A single 
sensor parity equation r^{t+ 3 ) is simply defined as 

r-(f-hs) := Q'(r^ u(0 - y,(<)), (5.30) 

13 

To simplify the notation we use 3 instead of 3 ^. 
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where a' is some row vector such that a'Pg = 0 (compare with the results of Chow 
[5]). Note that for appropriately large s, it follows from the Cayley-Hamilton 
theorem that such a always exists. Now using the definition of a, it is clear that 
is zero when the sensor is functioning properly, but in the presence of a 
failure in the i-th sensor this residual becomes nonzero; hence it can be used to 
detect and identify the failure of the i-th sensor. (Recall that for the moment the 
actuators are assumed to be perfectly reliable.) Let the components of a be as 
follows: 


a' = [oq, Oj, . . . , q;3_i, Ij. (5.31) 

For normalization purposes and without loss of generality, we have set the last 
component of a to 1. Now rewrite (5.30) as 

u(f) - ^o(?) y(0, (5.32) 

where 


^o(?) = ?'’ + ^ + • • • + 0^1? + “0 

i’M = + • • • + O'! 


i’a-liq] = q + Qs-i 
^3(9) = 1- 

Clearly, the polynomials 0^ {q) satisfy the backward recursion 

0j_l(g) = i>j {q)q + Qj-i, {j e s), rp^iq) = 1. (5.33) 


Note that the elements of the vector a are the only unknowns in (5.32). Also 
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the length of the window 3 has not yet been specified. Of particular interest are 
those parity relations for which the length of the window is minimal. We refer to 
these residuals as the minimum length SSPR (also see [29]). Interestingly enough, 
this problem has a very simple solution. W e can rewrite a'F^ = 0 as c/0q(A) = 0. 
It follows from here that the polynomial ipQ{q) is simply the minimal annihilating 
polynomial of c,-' with respect to A. (See Chapter 5 of [16] for the definition of the 
minimal annihilating polynomial of a vector with respect to a linear operator.) 
This fact can be restated in more familiar terms if we change the basis by an 
appropriate similarity transformation. Let us define the transformation 
z{t) = Tx{t) where T ;= [Q', Pg-i] ' with as before and Q any matrix such 
that r is nonsingular. Note that when s is minimal, the rows of Pg^i are linearly 
independent, and the last row of is a linear combination of the rows of In 

the new basis, the transformed matrix A^ = TAT~^ and the transformed 
measurement vector c,/ = c^'T~^ will have the following structure 




^2 




A,= 







0 

A) . 




c,-/= 1 

[0 

1 



(5.34) 

where 







0 

1 

0 

0 


Aq = 

0 

0 

1 

0 



. -®o 

-“1 -0^2 

-a,-l . 


^0^ ~ 1 

[ 1 

0 

0 

0 I 

(5.3S) 


It is clear that the pair (co',-4q) is observable and the polynomial rpQ{q) is simply the 
characteristic polynomial of A^. In other words, the minimal annihilating 
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polynomial of c,' is the product of the terms (?— Xj) where are the eigenvalues 
corresponding to those modes of A which are observable from c/. (We define the 
observable subspace of an arbitrary pair [C,A) as the- smallest A '-invariant 
subspace containing the Im C'.) 

This interpretation provides us with a numerically reliable procedure for 
computing the coefficients of the polynomial needs to find the 

observable modes of (c,',A) using a numerically reliable algorithm (see [28, 43, 37]). 
One of the simplest solutions is to choose a random n vector d-^ and compute 
ctq = (t{A) and = c[A^d-^c-\, the unobservable spectrum almost surely 
consists of the set of common elements of &q and (Tj. Let 

V>oW= n (?->')■ (5-36) 

Knowing 0 q( 9)> compute c^i}j{A) (see (5.32)) using the backward recursion 

in (5.33). Note that we only need to compute {A) and not the computationally 
more expensive terms tpj (A). Also, if in the process of computing the unobservable 
modes, a reliable canonical projection P: X -* X/S for the unobservable subspace 
S of [c^,A) is computed, then use the factor system (cq',.4q) (see Section 2.1 for the 
definition of a factor system) can be used in place of (c,',A) in (5 32). Note that the 
coefficients of the minimum length SSPR do not depend on the particular basis 
used for computing them and are invariant under similarity transformation. 

We also point out that the residual in (5.32) is simply the innovation of a 
dead-beat observer which asymptotically reconstructs the portion of the state space 
in the factor space XjS. In other words, to find^he minimum length SSPR for the 
i-th sensor, simply factor out that part of the state space which is unobservable 
from the i-th sensor and then construct a dead-beat observer for the remainder of 
the state space. The innovation of this observer is the residual that we are looking 
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for^**. The relation between these residual generators and the ones we proposed at 
the end of Chapter 3 which are known in the literature as Clark’s dedicated 
observers (7j should now be obvious. 

Let us rederive the results of this section using an algebraic approach. The 
output of the i-th sensor can be written as 


y,(0 = + i/)(g) B u(t), (5.37) 

where 0 ,( 7 ) 6 R”!?! and i/>(g) are a coprime factorization of c/(g/—A)~^, and m,{t) 
is an arbitrary unknown scalar function representing the effect of the failure. 
Reordering (5.37), we have 

= y.(^) - i/j(g) B u{t). (5.38) 

Now we generate the residual r^(f) by filtering m,(t) through any one-to-one linear 
system satisfying certain stability requirements. In order to assign the dynamics of 
the residual generator to arbitrary locations inside the unit circle, we simply take 


... ... 

'‘.(0 = - w(?) 


(5.39) 


where ^(g) is any arbitrary polynomial ( which should be set equal to a constant for 
the minimum length parity relation) , and u/(g) is any desired stable polynomial with 
an order at least as large as the order of fi{g)tp(g] (the minus sign in (5.39) is for 
convenience and consistency with the previous results). Note that when the residual 


an appropriate basis, the coefficients of elements of the observer gain 

vector. 
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is generated as in (5.39), the transfer vector relating the effect of the initial 
condition r(0) on the residual r,{<) is simply which is stable. 

Substituting (5.38) in (5.39), we have 



w(,) y,((). 


(5.40) 


If we choose u(q) = q^ for some appropriate integer s, the residual generator will 
exhibit a dead-beat response and the rational function coefficients of j/,(<) and u{t) 
in (5.40) can be rewritten as polynomials in the backward shift operator q~^, i.e., 
the residual generator will be a finite impulse response (FIR) filter. 

Note that using the definition of ip{q) and <j>/{q), we have 


I /<(9)0/(9), -/^(9)V'(g) 1 


ql-A 


(5.41) 


Hence the parity relation is simply a polynomial vector in the left null space of the 
singular pencil P{q) = [c^, ql—A']'. This interpretation of a parity vector is 
discussed in detail in [29j. (Note that because c,- is just a vector, the left null space 
of P{q) is one-dimensional, and using some of the results of [23], the order of the 
minimal basis for this null space, i.e., the left Kronecker index of P{q), is simply 
the observability index of [c^,A).) 

We now show that the polynomial V'(g) in (5.40) is the same as the minimal 
annihilating polynomial 0 q( 9) defined earlier in this section. Note that 


= c,'{ql - A)-\ (5.42) 


and the only possible cancellations on the right-hand-side of (5 42) are because of 
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the possible unobservable modes of {c',A). If we denote the common factors of 
c/adj(q/—A) and det(g/ — A) by it is clear that ^(g) = det (q/ — A)/'^g} 
which is equal to ^o(?)- reader should note the relation between the 

recursive polynomials in (5.33) and the method of Faddeeva [16, 23] for computing 
the adjoint of ql — A. 

We conclude by mentioning that the results of this chapter are applicable to 
continuous systems as well. Clearly, the dead-beat response is a characteristic of 
discrete systems, and this is the only special result of this section that does not 
extend to the continuous case. 


« 
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Chapter 6 
Conclusion 


6.1 Summary 

In this thesis, we have formulated and solved several fundamental problems in 
failure detection and identification (FDI) theory. It has been shown that the 
solvability conditions of many FDI problems depend only on how the failure events 
affect the output of the system, and many of these properties are invariant under 
state feedback or output injection. 

We first in Section 4.1 considered the problem of identifying the failure of a 
component, given that there are two possible faulty components in the system. 
More specifically, the objective was to generate a residual that is affected only by 
the failure of one of the components and not by the failure of the other. We 
showed that through appropriate selection of the output injection matrix D and the 
measurement mixing map H, it was possible to change the observability properties 
of {HC,A+DC) in such a way that one of the failure events becomes unobservable 
from the residual. Hence the occurence of this failure event does not show up in 
the residual. Interestingly, the solution of this problem is completely characterized 
by the fundamental geometric concept of an unobservability subspace, which we 
reviewed in Section 2.3. This problem can in fact be used as a practical motivation 
for defining such subspaces. 

Next in Section 4.1 1 we formulated the extension of the fundamental 
problem of residual generation (EFPRG) in which a family of k possible failure 
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events is present and the objective is to generate k residuals such that the failure of 
the i-th component only affects the i-th residual. If it is possible to generate such 
residuals, one can identify the component failures even if more than one failure is 
present at a time. The solvability condition of the EFPRG led to the introduction 
of the fundamental system theoretic concept of a strongly identifiable family of 
failure events. If a family is not strongly identifiable, there are combinations of 
failure events that result in the same output, and hence it is not possible to 
distinguish between these failure events (even if a non-linear processor is used). 
Also, using a frequency domain approach in Chapter 5, we showed that a family of 
scalar failure events is strongly identifiable if and only if the transfer matrix from 
these failure events to the output of the system is left invertible. 

Note that when we are modeling the effect of all actuator failures, the failure 
signatures are simply the columns of the control effectiveness matrix B and the 
solvability condition states that the transfer matrix C{sI—A)~^B should be left 
invertible. Since the invertibility of the transfer matrix is invariant under state 
feedback and output injection (C(s/— A)“^J5 is left invertible if and only if 
C[sI—A—BF—DC)~^B is), the solvability of the problem does not depend on 
whether the residual generator is designed for the open loop system (as is done in 
this work) or for the closed loop system {C,A+BF,B). 

We later in Section 4.2 generalized Beard’s formulation of the FDI problem 
(3). Beard’s approach was based on the idea of designing a full order observer for a 
given observable system, and choosing the observer gain matrix D in such a way 
that the failure of different components show up in independent subspaces of the 
innovation space. By restating Beard’s formulation of the FDI problem in 
geometric language, we clarified the concepts of output separability and mutual 
detectability. We showed that the issue of mutual detectability comes into the 
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picture when the failure signatures {L,-, i G k} combine with each other and create 
new invariant zeros; these zeros are the fixed spectrum of the resuiting observer. 
Moreover, we illustrated some of the fundamental limitations of BJDFP through an 
example. It was shown that there are families of failure events which are not C 
output separable but are TC output separable for some appropriate matrix T, i.e., 
the innovation vector due to different failures can not be confined to independent 
subspaces, but some linear transformation of the innovation can be confined to 
independent subspaces. Later in Chapter 5, it was shown that a family of scalar 
failure events is C output separable if and only if the columns of the transfer 
matrix relating the failure events to the output of the system are properly 
independent. 

In order to generalize Beard’s formulation of the FDI problem and circumvent 
some of its limitations, we introduced the restricted diagonal detection filter 
problem (RDDFP) in Section 4.3. The objective of RDDFP was to generate the 
residuals as different linear transformations of the innovation of an ordinary full 
order observer. It was shown that RDDFP is a restricted version of EFPRG and is 
an exact dual of the restricted control decoupling problem (RCDP). Because the 
solution of the RCDP in its most general form is not known presently, it follows 
that RDDFP in its most general form is presently unsolved. We later showed that 
if the number of the scalar failure events is the same as the number of the 
measurements, RDDFP has a (not necessarily stable) solution if and only if the 
columns of the transfer matrix relating the failure events to the output of the 
system are properly independent 

Next we considered more complicated FDI problems which were based on the 
idea of systematically coding the way the failure events show up in the residuals. 
Obviously, by going to more complicated coding schemes, it was no longer possible 
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to detect and identify simultaneous failures, but this was considered to be a minor 

shortcoming, since in many applications simultaneous failures are highly unlikely. 

By making such an assumption, we showed that the most general coding scheme is 

to generate k residuals such that the failure of the i-th component does not affect 

the i-th residual but affects all other residuals. Using this fact, the concept of an 

5.1 

identifiable family of failure events was defined. Later in Section we showed that a 
family is identifiable if and only if each column of the transfer matrix relating the 
failure events to the output of the system spans a different subspace of R”(g). 

Moreover, the relation between parity relations and other residual generation 
techniques of Chapter 4 was exploited. We showed that by assigning the spectrum 
of the residual generator to the origin of the complex plane, one obtains a finite 
impulse response (FIR) filter which is the same as a so-called parity relation. Using 
our approach, we can equally as well find the parity relations for the case of 
actuator failures; using other approaches [5j, this may be a difficult task for certain 
problems. It was also shown that the minimum length single sensor parity relations 
are simply the innovation of a deadbeat observer designed to reconstruct that part 
of the state space which is observable from the sensor. This interpretation clarified 
the relation between these single sensor parity relations and Clark’s dedicated 
observers for identifying sensor failures [7j. 

It should be stressed that almost every residual is the prediction error of an 
appropriate estimator or observer. By using the past measurements and inputs of a 
system, one predicts the present value of the measurement and subtracts it from 
the measured value. If all components are functioning properly, this prediction 
error should be zero (ideally); however, when a component of the system fails, the 
prediction error will be nonzero. The challenge of the FDI problem is to generate 
the prediction errors by estimating different subspaces of the output space in a way 
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that enables us to uniquely identify the failed component. Our contribution is that 
we have provided a systematic procedure for doing exactly this task. 


6.2 Recommendations for Future Research 


We point out that all of our results in this thesis hinge around the idea that 
the failure modes of the components are arbitrary and are not known before hand. 
This assumption is quite desirable in applications where it is difficult to guess the 
nature of a component failure, and this attribute distinguishes our approach from 
many other approaches which are tuned to specific modes of component failures 
(see [48] for some examples). 


However, the assumption that the failure modes are arbitrary translates into 

* 

the fact that the transform of the failure modes can be any proper rational 
function. It can therefore be argued that this assumption is too restrictive. Rather 
it might be more reasonable to assume that the failure modes belong to a subset of 
the ring of proper rational functions. We now illustrate that when the failure 
modes are restricted, it may be possible to identify a failure within a family that is 
not identifiable in the sense defined in this work. Consider the following two-input 
two-output causal LTI system 


G„(?) = 


- '’ll?) 

'’ll?) 

3i(q)A<}) 

31 (?) 

ro(q) 

ro(<?) 


32(9) - 


( 8 . 1 ) 


Assume we are concerned with characterizing the effect of actuator failures, and 
hence let Gj^{q) = G^{q). It is clear that the failure events are neither strongly 
identifiable nor identifiable (see (5 27)). Now denote the transform of the failure 
modes by m^{q) G Ho(9)> temporarily denote the 
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order of a polynomial n(g) by n. It is clear that if 

5 *^ (®- 2 ) 

then the two failure events always generate different outputs, i.e., when (6.2) is 
satisfied, 


( 6 - 3 ) 

Hence, if for example it is assumed that the failure modes belong to the set of 
rational functions with a fixed specified difference between the order of the 
denominator and the order of the numerator, then for all failure modes within this 
set it should be possible to distinguish between the failures. Note that this 
observation has its roots in the Ro(g)-module structure of However, carrying 

out the details and determining the solvability condition for the general problem 
does not seem to be simple, and it is an interesting topic for future research. 

Another interesting topic is to extend our results in Section 5.2 for the single 
sensor parity relations to the case of multiple sensor failures. Specifically, given a 
subset of all sensors whose indices are collected in an index set a, we want to find a 
parity relation of minimum length such that a failure of a sensor within this subset 
results in a nonzero residual. Let us denote by D~^[q)N{q) a left coprime 
factorization of where the rows of are simply c/, i G c .Also 

assume that the rows of are linearly independent and the polynomial matrix 
D{z) is row reduced (23|. Using the results of Section 5.2, the residual generator has 
the general form 



w(g) 


Bu{t) - 


/t'(g)Ag) 

w(?) 


y<7(0- 


(6 4) 
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where the polynomial row vector fi’(q) should be chosen such that the vector 
n'{q)D(q) has no zero entry . This requirement guarantees that if the i-th sensor 
with i E <T fails, then the residual r^(t) will be nonzero. (We assume that there is 
only one failure present at a time.) Also the stable polynomial u{q) is chosen so 
that the rational matrix coefficient of y^{t) in (6.4) is proper. Note that the effect 
of a nonzero initial condition x(0) on the residual r^(t) is simply —ti'{q)I^{q)/<^{q) 
which certainly dies away since o;(g) is stable. (This is the reason for working with 
a left coprime factorization of C^{ql—A)~^ and not C^{qI—A)~^B.) 

It seems that constructing a residual generator with an order equal to the 
observability index of (C^,A) is quite simple, since the vector ^’D{q) will have all 
nonzero entries for almost any random constant row vector n'. Also the degree of 
li'D{q) is at most equal to the largest of the row degrees of the polynomial matrix 
D{q) which is the observability index, or equivalently the largest Kronecker index of 
the singular pencil P{q) = [ql—A', 

Using the results of Lou [29], it is immediate that the set of all the parity 
relations involving the sensors in cr corresponds to the left null space of P(q), e.g., 
[fi'{q)N{q), —n'{q)D{q)] is a polynomial row vector in the left null space of P{q). 
However, Lou [29] did not mention how to construct the parity relation of the 
shortest length such that any failure of a sensor within the set shows up in the 
residual. The importance of this problem and its advantage over the Clark’s 
observers we mentioned in Section 3.2 is as follows. Using Clark’s approach, given 
the index set a, one would use the sensors in this set to design an observer for that 
part of the state space which is observable from these sensors, and use the 
innovation of this observer as the desired residual. Generically, the order of this 

,i> 

filter is the same as the dimension of the state space; however, the observability 
index of (C^,A) is generically [n/|cr|] (jcrj denotes the number of the elements in cr) 
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which can be considerably smaller. 

Finally, the most challenging problem is to generate residuab that are 
insensitive and robust to the changes in the dynamic of the system. Lou [29] has 
done some preliminary work on the problem of robust parity relations, but the 
robust solutions of the more general problems that we have formulated in this work 
are not yet available. Using our results, it is clear that the residual generator is a 
finely tuned processor that relies heavily on the given dynamics of the plant. 
Specially for actuator failures, the design of the residual generator relies on 
inverting the transfer matrix of the system, which can be quite sensitive to changes 
in the system parameters. We also point out that the issue in robust residual 
generation is not simply the stability of the perturbed system as in many robust 
control problems, but the major issue is to preserve as nearly as possible the 
decoupled nature of the transfer matrices in the presence of plant uncertainty 
which, in the author’s view, is a much more complicated problem. 
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Appendix A 
Some Useful Definitions 


Definition 1: A relation R defined on a set X is said to be 


1. Reflexive, if for all i in T, x R x, i.e., x is related to x. 

2. Symmetric, if x R y implies and is implied by y R x. 

3. Antisymmetric, if x R y and y R x imply x = y. 

4. Transitive, if x R y and y R x imply x R x. 

Definition 2; Equivalence is a relation with reflexive, symmetric, 
and transitive properties. 

Definition 3: Partial Ordering is a relation with reflexive, 
antisymmetric, and transitive properties. 

Definition 4: A partially ordered set 5 with relation R is called a 
lattice if to every pair s,t € 5 there are elements s\J t and s A ^ in 5 that 
satisfy: 


1. 5,^ R 5 V and if s,t R r then s V ^ R r. We call s\J t the least 
upperbound (supremum) of s and t. 

2. sAfRs,^; and if rRs,t then rRsAt. We call sAt the 
greatest lowerbound (infimum) of s and t. 


Definition 5: A set G with a binary operation X is a group if 


1. The binary operation X is associative 
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2. There is a unity element e G G such that eXi — xXe = x for all 
X G G. 

3. For all xGG there is an element x“^ such that xX(x~^) = 
(x**^)Xx = e. 


If the binary operation of the group is also commutative, then the group is 
called an Abelian group or a commutative group. 


Definition 6: A set R with two binary operations + and X is a 
ring if 


1. R with the binary operation + is an Abelian group. 

2. The binary operation X is associative. 

3. The distributive law holds, i.e., xX(y+z)= xXy+xXz and 
{x+y)Xz = xXz+yXz for all x, y, z E R- 

A ring R is a commutative ring if in addition to the above conditions, the 
binary operation X is also commutative. 

Definition 7; Let R be a ring. A (left) R-module consists of an 
abelian group M together with an operation of external multiplication of 
each element of M by each element of R on the left such that for all 
o, ^ G M and x, y G R, the following conditions are satisfied: 


1. xa G M. 

2. x[a+0) = xa+x0. 

3. (x-l-y)a = xQ+ya. 

4. (xXy)o = i(yo!). 
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Appendix B 

Zeros of a Multivariable System 


Now we give a brief review of the concepts of the transmission and invariant 
zeros of a multivariable system. We refer the reader to (30) for a comprehensive 
treatment of these subjects. Consider the system {C,A,B) given in (2.37). On 
taking the laplace transform we have 


i(s) 


^0 



. y(^). 


where 


P{s) = 


si— A —B 
C 0 


and Xq is the initial condition. Apply an input u(s) = Uq/[s—z) to the system and 
consider the problem of determining if there exists a combination of Xq and Ug for 
which y{s) = 0. A simple computation shows that such an input and initial 
condition exist if and only if 


P{z) 


“0 


= 0 . 


We call Xq the state zero direction, and Uq the input zero direction . Moreover, it 
can be shown that if such an Xq exists, then x(s) = Xq/(s—z). 

Therefore, we are interested to see for what values of z the rank of P(z) is 
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smaller than its normal rank. Remember that the normal rank of a polynomial 
matrix is the order of the largest minor not identically equal to zero. Let us 
assume / > m (the case of more measurements than inputs). Obviously R(s) is a 
polynomial matrix; hence it can be reduced to its Smith canonical form 5(s) by 
multiplying it with unimodular matrices (i.e., polynomial matrices with constant 
non-zero determinants). Thus P(s) = L(s) 5(s) i?(s) for some unimodular matrices 
L(a) and R{a). Also 5{s) has the following form 


5(a) = 


5*(a) 0 
0 0 


where 5*(s) = diag{ei{3), . . . ,«;.(a)}. The diagonal elements, {e,(a), i G r}, are the 
invariant polynomials of F(a) and each is divisible, by the preceeding one. 
Moreover, r is the rank of 5(a). The invariant zeros of a system are the zeros of the 
invariant polynomials {a, (a), i E r} including the multiplicities. 

The rank deficiency of P (a) at the complex frequency z is called the geometric 
multiplicity of the corresponding zero and is equal to the number of the elementary 
divisors of F(a), which are associated with this z. The degree, p, of the product of 
the elementary divisors corresponding to z is called the algebraic multiplicity of the 
complex frequency z, and it is in general greater than the geometric multiplicity. 
Systems for which the geometric and algebraic multiplicities of all zeros are the 
same are called systems with simple structure. 

Now consider the transfer matrix G(.s) = C[sI—A)~^B. Write G(s) as 
G(s) = N{s)ld{3) where d(s) is the least common denominator of nonzero elements 
of G(s). Then N{s) is a polynomial matrix, and we can reduce it to its Smith 
canonical form 7T[a). Thus 'V(a) = L{s) 7(5) R{S) for some unimodular matrices 
L(s) and R(s). Clearly 7(5) has the form 
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7Is) = 


T*{s) 0 
0 0 


where T*(a) = diag{e^{3), . . . ,e^(a)}. The diagonal elements, {e,(s), i G r}, are the 
invariant polynomials of N(s), and r is the rank of the transfer function matrix. Let 
M{8) — T{8)/d{a) and carry out all the possible cancellations. M{s) is called the 
Smith-Mcmillan form of the transfer matrix. The zeros of the numerator 
polynomials of Ad(s) (including the multiplicities) are called the transmission zeros 
of the transfer matrix G(a). It is simple to show that for a complete system (i.e., 
(C,A) observable and (A,B] controllable) the sets of transmission zeros and 
invariant zeros of the system coincide. 

We can also give a geometric definition of the zeros of a system. Based on 
the spirit of this work we give a definition in terms of (C, ^4 )-in variant and 
unobservability subspaces. This definition is just the dual of the one given by 
Morse [36] (also see [15]). Consider the system {C,A,B) given in (2.37). Let 
W* = inf I^B), S* = inf S(B), and D G D{W*). Then the zeros of the system are 
defined as the spectrum of ^ where 

Aq = {A+DC : SVr ). 

Morse and Corfmat [9] have shown that cr(^) is the same as the set of invariant 
zeros of the system [C,A,B) including the multiplicities. 
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Appendix C 
Extension of RDDFP 


In Section 4.3, we pointed out that the solvability condition of RDDP in its 
most general form is unknown at this time, and in one development we required 
additional restrictions in order to determine solvability conditions. However, if the 
dimension of the residual generator is not restricted, then a substantially larger 
class of problems can be solved. The objective of this appendix is to construct a 
compatible family of u.o.s.’s which is related to the (probably non-compatible) 
infimal u.o.s.’s {5,*, fEk} satisfying the necessary condition of RDDFP. The 
procedure is an exact dual of the one used in the extended decoupling control 
problem (EDCP) [50, 32]. 

Assume that the system model is as described in (3.10) and consider the 
residual generator: 


w^{t) 

L ^(0 J 


A 0 
0 0 




^11 ^ 


12 




W2{t) J 

L^21 

■^22 J L 

fc o' 

Wj(<) 

— 

y{i) 


. ^ 2(0 . 


0 


y{t) - Cwy{t) 
Woit) 

], 1 6 k. 


+ 


B 

0 


u{t) 


(C.l) 


This processor is a restricted version of the general residual generator given in 
(3.11)-(3.13); however, it is more flexible than the filter we considered in Section 
4.3. Qualitatively, the flexibility is gained through the integration of the 
innovation. 

Let us define the extended subspaces JT® ;= X 0 X® and ]/® := ]/ 0 X® where 
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rf(X®)=n® . Let w^{t) := 0 W 2 {t) and y^t) := y{t) 0 0 £ I/®. We can rewrite 

(C.l) as follows: 

w%t) = A® w^{t) - Z>® (y^{t) - 6*® w%t)) -f 5® «(0, 

r,(<) = H,® (C® tn®(<) - y®(0). : G k. (C.2) 

The extended maps : Z® Z®, : U -* Z®, C® : Z® I/®, £>® : ]/® -> r®, 

and /f ,® : have obvious correspondence with the matrices of equation 

(C.l). 

Similar to RDDFP, let us investigate the problem of designing a processor 
with a structure as in (C.l) and with the following properties. A nonzero m,(/) 
should only affect r,(0 and no other residual ry(f), j ^ i. Also the system relating 
m,(<) to r,(<) should be input observable so that the failure of the i-th actuator 
almost always shows up in the i-th residual. This problem will be called the 
extended diagonal detection filter problem (EDDFP). 

It is possible to write the dynamics of the system relating the failures to the 
residuals in terms of an extended error vector e®(<) := e(^) 0 ^ 0(0 where 
e(t) := w^{t)—x{t). Using (C.l) and (C.2), we have 

e'(() = U'+D'C') e'(() - Z,,'m,((). 

ri(t) = Hi‘C‘ e'((), '■ e k. (C 3) 

where L,® := [L/, Oj '. 

Similar to RDDFP, EDDFP can be stated in a geometric setting as follows. 
Given A, C, and L,- (i G k), find the dimension of the state space extension 
n® = d(jr®), an extended output injection map T>® ; ]/® — *• Jf®, and a family of 
compatible extended (C®,A®) unobservability subspaces (e.u.o.s) {T,, *Gk} such 
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that 


Ti := <Ker H^^C^\A^+D^C^> = <Ker + T,\A^+D^C^>, i £ k, {C.4) 
(4-©0)C t;-, tGk, (C.5) 

(^,-©o)n t;- = o, iGk. (C.6) 

It is clear that EDDFP is an exact dual of the decoupling problem with dynamic 
compensation ; therefore, any of the existing solutions of the latter [50, 32], when 
dualized, is a solution to EDDFP. For this reason we shall only outline the main 
steps in the extension procedure. 

The most important step is to relate a (C7^A®) e.u.o.s and a {C,A) u.o.s. 
First, let us define some notation. Let L be an arbitrary subspace of Z®, and 
denote the family of (C®,A®) e.u.o.s containing L by 5®(L). Similarly, denote the 
family of (C®,A®) extended invariant subspaces containing L by }1]®(L). Using this 
notation, we state the following elegant result of Schumacher [41] (see also [46]) 
which relates the elements of S®(0) and )1(®(0) with those of S(0) and )1^0) 
respectively. 

Proposition 1: Let Q : Z® — *• Z be the embedding map defined in 
(3.21) and T C Z®; then 

T E S®(0) if and only if Q~^T E 5(0). 


Also 


T E if(0) if and only if Q-'^T E ^0). 




(NoteAhat the result of Proposition 1 of Section 4.1 is an immediate consequence of 
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the above proposition.) Now let E : X‘^ —*■ X be any arbitrary map and S be a 
u.o.s. Using Proposition 1, 5* := [/, ^]~^5 is an e.u.o.s. We also have 
(50O)C5®. Using this simple extension procedure, we construct a family of 
codependent, and hence compatible, e.u.o.s {T^,i£k} such that Q~^T^ = S* 
where {5,*, i £ k} is defined in (4.67). The details of this procedure are given in 
the next proposition. 

Proposition 2: EDDFP is solvable if and only if 
5,*rijC.,- = 0, iGk, (C.7) 

where 5,* := inf ,• family {L^, i E k} is 

strongly identifiable). 

Proof: (only if) Suppose {T,, : E k} is a solution of EDDFP. By 

(C.5), 

Hence, 

iiQQ-% (C.8) 

Also from (C.6), Q~^(£,- 0 0) n Q~^T^ = 0, hence 

£,.ng-iT;- = o. (c.g) 

Using Proposition 1 and (C 8), we know E S{L^). Also because S^* 

is infimal, S* C and using (C.9), the necessity of (C.7) follows 

immediately. 

(if) Let r,® be linear spaces with dimensions n—d{S*). Define 
= 0 Let : X’,'* -♦ X be arbitrary maps such that 
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Si* 0 Im £;, • = X. Define 

Tj := (7£’i0 ••• 

T 2 := [70£’2 ••• orV 

T„ := (/O 0 . . . 

By Propositon 1, T|- are e.u.o.s’s. Also a simple computation shows that 
the row spaces of the canonical projections of the family {7J-, i G k} are 
independent. Therefore, the family {7}, i E k} is codependent, and hence 
compatible. Also the family {7j-, i G k} clearly satisfies (C.6) and (C.5). 
Moreover, the observability of {C,A) implies that the pair is 

observable, and using the codependence property of {7J-, i G k}, we can 
use Proposition 25 of Section 4.4 to assign the eigenvalues of A^+D^C^ 
arbitrarily. 

Interestingly enough, the solvability condition of EFPRG and EDDFP is the 
same. Namely, for EDDFP to have a solution, the family of failure signatures 
should be strongly identifiable . This follows from the fact that any non-compatible 
family of u.o.s.’s satisfying the necessary condition given in (4.68) can be made 
compatible by appropriate extension. Note that in EFPRG, the compatibility was 
not an issue at all, since each residual was generated by a filter independent of the 
other filters. 

We should mention that the dimension of the extension in Proposition 2, i.e., 

U 

(EL. "--'(V )), is unnecessarily large. In general it is possible to develop more 
efficient extension procedures. For that, a better compatibility test than the 
codependence property is needed. From Proposition 14 of Section 4.3, the family 
{Si\iek} is compatible if and only if the dual radical of the family, S , is 
(C,A)-invariant. Using this fact, our objective shall be to construct a family of 
extended unobservability subspasces {7j-, 1 G k} such that Q~^T^=S*, and the 
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dual radical of {7^-, i £lc} is (C®, A*) invariant. However, to assign the eigenvalues 
of arbitrarily, the dual radical of (7j-, i G k} should be an e.u.o.s (see 

(4.85)) and being (C®,A®) invariant is not enough. Hence, first compute the 

• • 

subspace 5 := inf S(5 ) where S is the dual radical of {5,*, t'Gk}. Then 
construct {7^, t'Gk) such that S =Q~^T. The details of constructing such 
{7j-, I G k} are the dual of the extension procedure given in Chapter 10 of [50|. We 
omit the repeatition of these details. 

As should be clear, EDDFP can be formulated as an EDCP by a simple 
dualization, and then the transpose of the state feed-back gain which solves EDCP 
is the output injection map for EDDFP. Hence, it is possible to use the existing 
software for EDCP in solving EDDFP. Now the generic solvability of EDDFP is 
stated. 


Proposition 3: Let A, C, and L,- be arbitrary matrices with the 
respective dimensions nXn, IXn, and nXk^. .Also let K := 

Then EDDFP is generically solvable if and only if 

K < n, (C.IO) 

iC— min {/r,-, i G k} < 1. (C.ll) 

Moreover, if EDDFP is solvable, the order of the extension is generically 


(Ar-l)(n-/C), ifK>l 
0, t/K<l 


(C.12) 


0 

Note that when (C.IO) and (C.ll) are satisfied, then the dual radical S is 

L 

generically equal to L,. The bound on the extension follows from the generic 
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dimension of the smallest unobservability subspace •which contains the dual radical . 
For a proof of these results we refer the reader to Theorems 11.1 and 11.3 of (50], 

Interestingly enough, when K > I, the order of the solution to EFPRG given 
in Theorem 4 of Section 4.1.1 is generically same as the order of the solution to 
EDDFP with efficient extension. To show this fact, from Section 4.1.1 the order of 
the solution to EFPRG is generically 

which is equal to the order of the solution to EDDFP with efficient extension, i.e., 
n+{k—l)(n—K) (see (C.12)). Using this equality, a solution to EFPRG is generically 
preferable over a solution to EDDFP, since the solution to EFPRG is a collection of 
several different decoupled filters that are less sensitive to perturbations and are 
computationally more advantageous to implement. 
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